III. CBDCs: an opportunity for the monetary system

BIS Annual Economic Report  | 
23 June 2021

video linkWatch the video (00:01:48) 

with Hyun Song Shin, Economic Adviser and Head of Research

Listen to the podcast (00:29:55

with Benoît Cœuré (Head of the BIS Innovation Hub) and Hyun Song Shin

Key takeaways

  • Central bank digital currencies (CBDCs) offer in digital form the unique advantages of central bank money: settlement finality, liquidity and integrity. They are an advanced representation of money for the digital economy.
  • Digital money should be designed with the public interest in mind. Like the latest generation of instant retail payment systems, retail CBDCs could ensure open payment platforms and a competitive level playing field that is conducive to innovation.
  • The ultimate benefits of adopting a new payment technology will depend on the competitive structure of the underlying payment system and data governance arrangements. The same technology that can encourage a virtuous circle of greater access, lower costs and better services might equally induce a vicious circle of data silos, market power and anti-competitive practices. CBDCs and open platforms are the most conducive to a virtuous circle.
  • CBDCs built on digital identification could improve cross-border payments, and limit the risks of currency substitution. Multi-CBDC arrangements could surmount the hurdles of sharing digital IDs across borders, but will require international cooperation.

Digital innovation has wrought far-reaching changes in all sectors of the economy. Alongside a broader trend towards greater digitalisation, a wave of innovation in consumer payments has placed money and payment services at the vanguard of this development. An essential by-product of the digital economy is the huge volume of personal data that are collected and processed as an input into business activity. This raises issues of data governance, consumer protection and anti-competitive practices arising from data silos.

This chapter examines how central bank digital currencies (CBDCs) can contribute to an open, safe and competitive monetary system that supports innovation and serves the public interest. CBDCs are a form of digital money, denominated in the national unit of account, which is a direct liability of the central bank.1 CBDCs can be designed for use either among financial intermediaries only (ie wholesale CBDCs), or by the wider economy (ie retail CBDCs).

The chapter sets out the unique features of CBDCs, asking what their issuance would mean for users, financial intermediaries, central banks and the international monetary system. It presents the design choices and the associated implications for data governance and privacy in the digital economy. The chapter also outlines how CBDCs compare with the latest generation of retail fast payment systems (FPS, see glossary).2

To set the stage, the first section discusses the public interest case for digital money. The second section lays out the unique properties of CBDCs as an advanced representation of central bank money, focusing on their role as a means of payment and comparing them with cash and the latest generation of retail FPS. The third section discusses the appropriate division of labour between the central bank and the private sector in payments and financial intermediation, and the associated CBDC design considerations. The fourth section explores the principles behind design choices on digital identification and user privacy. The fifth section discusses the international dimension of CBDCs, including the opportunities for improving cross-border payments and the role of international cooperation.

Throughout the long arc of history, money and its institutional foundations have evolved in parallel with the technology available. Many recent payment innovations have built on improvements to underlying infrastructures that have been many years in the making. Central banks around the world have instituted real-time gross settlement (RTGS) systems over the past decades. A growing number of jurisdictions (over 55 at the time of writing)3 have introduced retail FPS, which allow instant settlement of payments between households and businesses around the clock. FPS also support a vibrant ecosystem of private bank and non-bank payment service providers (PSPs, see glossary). Examples of FPS include TIPS in the euro area, the Unified Payments Interface (UPI) in India, PIX in Brazil, CoDi in Mexico and the FedNow proposal in the United States, among many others. These developments show how innovation can thrive on the basis of sound money provided by central banks.

Yet further-reaching changes to the existing monetary system are burgeoning. Demands on retail payments are changing, with fewer cash transactions and a shift towards digital payments, in particular since the start of the Covid-19 pandemic (Graph III 1, left-hand and centre panels). In addition to incremental improvements, many central banks are actively engaged in work on CBDCs as an advanced representation of central bank money for the digital economy. CBDCs may give further impetus to innovations that promote the efficiency, convenience and safety of the payment system. While CBDC projects and pilots have been under way since 2014, efforts have recently shifted into higher gear (Graph III.1, right-hand panel).

The overriding criterion when evaluating a change to something as central as the monetary system should be whether it serves the public interest. Here, the public interest should be taken broadly to encompass not only the economic benefits flowing from a competitive market structure, but also the quality of governance arrangements and basic rights, such as the right to data privacy.

It is in this context that the exploration of CBDCs provides an opportunity to review and reaffirm the public interest case for digital money. The monetary system is a public good that permeates people's everyday lives and underpins the economy. Technological development in money and payments could bring wide benefits, but the ultimate consequences for the well-being of individuals in society depend on the market structure and governance arrangements that underpin it. The same technology could encourage either a virtuous circle of equal access, greater competition and innovation, or it could foment a vicious circle of entrenched market power and data concentration. The outcome will depend on the rules governing the payment system and whether these will result in open payment platforms and a competitive level playing field.

As cash use falls and digital payments rise, CBDC projects are moving ahead

Central bank interest in CBDCs comes at a critical time. Several recent developments have placed a number of potential innovations involving digital currencies high on the agenda. The first of these is the growing attention received by Bitcoin and other cryptocurrencies; the second is the debate on stablecoins; and the third is the entry of large technology firms (big techs) into payment services and financial services more generally.

By now, it is clear that cryptocurrencies are speculative assets rather than money, and in many cases are used to facilitate money laundering, ransomware attacks and other financial crimes.4 Bitcoin in particular has few redeeming public interest attributes when also considering its wasteful energy footprint.5

Stablecoins attempt to import credibility by being backed by real currencies. As such, these are only as good as the governance behind the promise of the backing.6 They also have the potential to fragment the liquidity of the monetary system and detract from the role of money as a coordination device. In any case, to the extent that the purported backing involves conventional money, stablecoins are ultimately only an appendage to the conventional monetary system and not a game changer.

Perhaps the most significant recent development has been the entry of big techs into financial services. Their business model rests on the direct interactions of users, as well as the data that are an essential by-product of these interactions. As big techs make inroads into financial services, the user data in their existing businesses in e-commerce, messaging, social media or search give them a competitive edge through strong network effects. The more users flock to a particular platform, the more attractive it is for a new user to join that same network, leading to a "data-network-activities" or "DNA" loop (see glossary).

However, the network effects that underpin big techs can be a mixed blessing for users. On the one hand, the DNA loop can create a virtuous circle, driving greater financial inclusion, better services and lower costs. On the other, it impels the market for payments towards further concentration. For example in China, just two big techs jointly account for 94% of the mobile payments market.7 Authorities have recently addressed concerns about anti-competitive practices that exclude competitors in associated digital services such as e-commerce and social media.8 This concentration of market power is a reason why authorities in some economies are increasingly turning to an entity-based approach to regulating big techs, as a complement to the existing activities-based approach.9

Current forms of digital payments remain expensive

Entrenchment of market power may potentially exacerbate the high costs of payment services, still one of the most stubborn shortcomings of the existing payment system. An example is the high merchant fees associated with credit and debit card payments. Despite decades of ever-accelerating technological progress, which has drastically reduced the price of communication equipment and bandwidth, the cost of conventional digital payment options such as credit and debit cards remains high, and still exceeds that of cash (Graph III.2, left-hand panel). In some regions, revenues deriving from credit card fees are more than 1% of GDP (right-hand panel).

These costs are not immediately visible to consumers. Charges are usually levied on the merchants, who are often not allowed to pass these fees directly on to the consumer. However, the ultimate incidence of these costs depends on what share of the merchant fees are passed on to the consumer indirectly through higher prices. As is well known in the economics of indirect taxation, the individuals who ultimately bear the incidence of a tax may not be those who are formally required to pay that tax.10 The concern is that when big tech firms enter the payments market, their access to user data from associated digital business lines may allow them to achieve a dominant position, leading to fees that are even higher than those charged by credit and debit card companies currently. Merchant fees as high as 4% have been reported in some cases.11

Related to the persistently high cost of some digital payment options is the lack of universal access to digital payment services. Access to bank and non-bank transaction accounts has improved dramatically over the past several decades, in particular in emerging market and developing economies (EMDEs).12 Yet in many countries, a large share of adults still have no access to digital payment options. Even in advanced economies, some users lack payment cards and smartphones to make digital payments, participate in e-commerce and receive transfers (such as government-to-person payments). For instance, in the United States, over 5% of households were unbanked in 2019, and 14% of adults did not use a payment card in 2017. In France, in 2017, 13% of adults did not own a mobile phone.13 Lower-income individuals, the homeless, migrants and other vulnerable groups are most likely to rely on cash. Due in part to market power and low expected margins, private PSPs often do not cater sufficiently to these groups. Remedies may necessitate public policy support as digital payments become more dominant.

Consumers do not trust all counterparties equally to handle their data safely

The availability of massive amounts of user data gives rise to another important issue – that of data governance. Access to data confers competitive advantages that may entrench market power. Beyond the economic consequences, ensuring privacy against unjustified intrusion by both commercial and government actors has the attributes of a basic right. For these reasons, the issue of data governance has emerged as a key public policy concern. When US consumers were asked in a representative survey whom they trust with safeguarding their personal data, the respondents reported that they trust big techs the least (Graph III.3, left-hand panel). They have far more trust in traditional financial institutions, followed by government agencies and fintechs. Similar patterns are present in other countries (right-hand panel). The survey reveals a number of concerns, but the potential for abuse of data emerges as an important element. A later section of this chapter discusses data governance issues more fully.

The foundation of the monetary system is trust in the currency. As the central bank provides the ultimate unit of account, that trust is grounded on confidence in the central bank itself. Like the legal system and other foundational state functions, the trust engendered by the central bank has the attributes of a public good. Such "central bank public goods" underpin the monetary system.14

Central banks are accountable public institutions that play a pivotal role in payment systems, both wholesale and retail. They supply the ultimate means of payment for banks (bank reserves), and a highly convenient and visible one for the public (cash). Moreover, in their roles as operators, overseers and catalysts, they pursue key public interest objectives in the payments sphere: safety, integrity, efficiency and access (see glossary).

The central bank plays four key roles in pursuit of these objectives. The first is to provide the unit of account in the monetary system. From that basic promise, all other promises in the economy follow.

Second, central banks provide the means for ensuring the finality of wholesale payments by using their own balance sheets as the ultimate means of settlement, as also reflected in legal concepts of finality (see glossary). The central bank is the trusted intermediary that debits the account of the payer and credits the account of the payee. Once the accounts are debited and credited in this way, the payment is final and irrevocable.

The third function is to ensure that the payment system works smoothly. To this end, the central bank provides sufficient settlement liquidity so that no logjams will impede the workings of the payment system, where a payment is delayed because the sender is waiting for incoming funds. At times of stress, the central bank's role in liquidity provision takes on a more urgent form as the lender of last resort.

The central bank's fourth role is to oversee the payment system's integrity, while upholding a competitive level playing field. As overseer, the central bank imposes requirements on the participants so that they support the functioning of the payment system as a whole. Many central banks also have a role in the supervision and regulation of commercial banks, which are the core participants of the payment system. Prudential regulation and supervision reinforce the system. Further, in performing this role, central bank money is "neutral", ie provided on an equal basis to all commercial parties with a commitment to competitive fairness.

Central bank digital currencies should be viewed in the context of these functions of the central bank in the monetary system. Wholesale CBDCs are for use by regulated financial institutions. They build on the current two-tier structure, which places the central bank at the foundation of the payment system while assigning customer-facing activities to PSPs. The central bank grants accounts to commercial banks and other PSPs, and domestic payments are settled on the central bank's balance sheet. Wholesale CBDCs are intended for the settlement of interbank transfers and related wholesale transactions, for example to settle payments between financial institutions. They could encompass digital assets or cross-border payments. Wholesale CBDCs and central bank reserves operate in a very similar way. Settlement is made by debiting the account of the bank that has net obligations to the rest of the system and crediting the account of the bank that has a net claim on the system. An additional benefit of settlement in wholesale CBDCs is to allow for new forms of the conditionality of payments, requiring that a payment only settles on condition of delivery of another payment or delivery of an asset. Such conditional payment instructions could enhance the delivery-versus-payment mechanism in RTGS systems (see Box III.A).

Compared with wholesale CBDCs, a more far-reaching innovation is the introduction of retail CBDCs. Retail CBDCs modify the conventional two-tier monetary system in that they make central bank digital money available to the general public, just as cash is available to the general public as a direct claim on the central bank.

The monetary system with a retail CBDC

One attribute of retail CBDCs is that they do not entail any credit risk for payment system participants, as they are a direct claim on the central bank (Graph III.4). A retail CBDC is akin to a digital form of cash, the provision of which is a core responsibility of central banks. Other forms of digital retail money represent a claim on an intermediary. Such intermediaries could experience illiquidity due to temporary lack of funds or even insolvency, which could also lead to payment outages. While such risks are already substantially reduced through collateralisation and other safeguards in most cases, retail CBDCs would put an end to any residual risk.

Retail CBDCs come in two variants (Graph III.5). One option makes for a cash-like design, allowing for so-called token-based access and anonymity in payments. This option would give individual users access to the CBDC based on a password-like digital signature using private-public key cryptography, without requiring personal identification. The other approach is built on verifying users' identity ("account-based access") and would be rooted in a digital identity scheme.15 This second approach is more compatible with the monitoring of illicit activity in a payment system, and would not rule out preserving privacy: personal transaction data could be shielded from commercial parties and even from public authorities by appropriately designing the payment authentication process. These issues are intimately tied to broader policy debates on data governance and privacy, which we return to in a later section.

From the public interest perspective, the crucial issue for the payment system is how the introduction of retail CBDCs will affect data governance, the competitive landscape of the PSPs and the industrial organisation of the broader payments industry. In this connection, the experience of jurisdictions with a long history of operating retail FPS provides some useful lessons. Central banks can enhance the functioning of the monetary system by facilitating the entry of new players to foster private sector innovation in payment services. These goals could be achieved by creating open payment platforms that promote competition and innovation, ensuring that the network effects are channelled towards a virtuous circle of greater competition and better services.16

Forms of digital central bank money

Rules and standards that promote good data governance are among the key elements in establishing and maintaining open markets and a competitive level playing field. These can yield concrete economic benefits. The 2020 BIS Annual Economic Report drew a contrast between "walled gardens", where users are served in a closed proprietary network, and a public town square in which buyers and sellers can meet without artificial barriers. In return for access to all buyers, the sellers must stick to the standards set by the public authorities with a view to promoting the virtuous circle of greater participation and better services.

The analogy with the payment system is that the market stallholders in the public town square are like PSPs, each offering basic payment functionality with their particular bundle of services, such as banking, e-commerce, messaging and social media. Just as the market stallholders must stick to the standards laid down by the town authorities, these PSPs must adhere to various technical standards and data access requirements. These include technical standards such as application programming interfaces (APIs) that impose a common format for data exchange from service providers (see Box III.B). Together with data governance frameworks that assign ownership of data to users, these standards ensure interoperability of the services between PSPs so that they can work seamlessly for the user. Two instances of APIs are account information services (AIS) and payment initiation services (PIS). AIS allow users to "port" data on their transactions from one provider to another. For instance, a user who has accounts with two different banks can open the app of one bank to check the balances in the other. PIS allow a user to operate the app of one PSP to make an outgoing payment from the account of another.

Much as the local authorities preside over their town's marketplace, a central bank can provide the payment system with access to its settlement accounts. In the case of a retail FPS, the balance sheet of the central bank is, metaphorically speaking, a public space where the sellers of the payment services all interact. The central bank is best placed to play this role, as it issues the economy's unit of account and ensures ultimate finality (see glossary) of payments through settlement on its balance sheet. The central bank can also promote innovation in this bustling payments marketplace, where the network effects can be channelled towards achieving a virtuous circle of greater participation, lower costs and better services.

Whether retail CBDCs will play a similarly beneficial role will depend on the way that CBDCs frame the interaction between PSPs and their ancillary services. In a general sense, the public good nature of both CBDCs and retail FPS can be seen as resting on an open payment system around the interoperability of the services offered by PSPs. Table III.1 compares cash, retail CBDCs and FPS along dimensions relevant for users and public policy. Several similarities, but also differences, emerge.

Comparison of cash, retail FPS and retail CBDCs as payment methods

Well designed CBDCs and FPS have a number of features in common. They both enable competing providers to offer new services through a range of interfaces – including in principle via prepaid cards and other dedicated access devices, as well as services that run on feature phones. Such arrangements not only allow for lower costs to users, but also afford universal access, and could thus promote financial inclusion.

Moreover, as the issuers of CBDCs and operators or overseers of FPS, central banks can lay the groundwork for assuring privacy and the responsible use of data in payments. The key is to ensure that governance for digital identity is appropriately designed. For both CBDC and FPS, such designs can incorporate features that support the smooth functioning of payment services without yielding control over data to private PSPs, as discussed above in the context of APIs. An open system that gives users control over their data can harness the DNA loop, breaking down the silos and associated market power of incumbent private firms with exclusive control over user data.

Although CBDCs and FPS have many characteristics in common, one difference is that CBDCs extend the unique features and benefits of today's digital central bank money directly to the general public.17 In a CBDC, a payment only involves transferring a direct claim on the central bank from one end user to another. Funds do not pass over the balance sheet of an intermediary, and transactions are settled directly in central bank money, on the central bank's balance sheet and in real time. By contrast, in an FPS the retail payee receives final funds immediately, but the underlying wholesale settlement between PSPs may be deferred.18 This delay implies a short-term loan between parties, together with underlying credit risk on those exposures (Graph III.6): the payee's bank credits its account in real time, while it has an account payable vis-à-vis the payer's bank. In an FPS with deferred settlement, credit exposures between banks accumulate during the delay, for example over weekends. This exposure may be fully or partially collateralised – an institutional safeguard designed by the central bank.

Deferred wholesale settlement results in credit for payee's bank

Nevertheless, a CBDC allows for a more direct form of settlement, eliminating the need for intermediary credit and hence simplifying the architecture of the monetary system. An example of the potential benefits, to be discussed in a later section, is the potential to address the high costs and inefficiencies of international payments by extending these virtues of greater simplicity to the cross-border case.

At a more basic level, CBDCs could provide a tangible link between the general public and the central bank in the same way that cash does, as a salient marker of the trust in sound money itself. This might be seen as part of the social contract between the central bank and the public. CBDCs would continue to provide such a tangible connection even if cash use were to dwindle.

Ultimately, whether a jurisdiction chooses to introduce CBDCs, FPS or other systems will depend on the efficiency of their legacy payment systems, economic development, legal frameworks and user preferences, as well as their aims. Based on the results of a recent survey, payments safety and financial stability considerations (also in the light of cryptocurrencies and stablecoins) tend to weigh more heavily in advanced economies. In EMDEs, financial inclusion is a more important consideration.19 Irrespective of the aims, an important point is that the underlying economics concerning the competitive landscape and data governance turn out to be the pivotal factors. These are shaped by the central bank itself.

Vital to the success of a retail CBDC is an appropriate division of labour between the central bank and the private sector. CBDCs potentially strike a new balance between central bank and private money.20 They will be part of an ecosystem with a range of private PSPs that enhances efficiency without impairing central banks' monetary policy and financial stability missions. Central banks and PSPs could continue to work together in a complementary way, with each doing what they do best: the central bank providing the foundational infrastructure of the monetary system and the private PSPs using their creativity, infrastructure and ingenuity to serve customers.

Indeed, there are good arguments against a one-tier system fully operated by the central bank, ie a direct CBDC (Graph III.7, top panel).21 Direct CBDCs would imply a large shift of operational tasks (and costs) associated with user-facing activities from the private sector to the central bank. These include account opening, account maintenance and enforcement of AML/CFT rules, as well as day-to-day customer service. Such a shift would detract from the role of the central bank as a relatively lean and focused public institution at the helm of economic policy.

Equally important is the long-term impact on innovation. Banks, fintechs and big techs are best placed to use their expertise and creativity to lead innovative initiatives, and integrate payment services with consumer platforms and other financial products. Central banks should actively promote such innovations, not hinder them.

Most fundamentally, a payment system in which the central bank has a large footprint would imply that it could quickly find itself assuming a financial intermediation function that private sector intermediaries are better suited to perform. If central banks were to take on too great a share of bank liabilities, they might find themselves taking over bank assets too.22

For these reasons, CBDCs are best designed as part of a two-tier system, where the central bank and the private sector each play their respective role. A logical step in their design is to delegate the majority of operational tasks and consumer-facing activities to commercial banks and non-bank PSPs that provide retail services on a competitive level playing field. Meanwhile, the central bank can focus on operating the core of the system. It guarantees the stability of value, ensures the elasticity of the aggregate supply of money and oversees the system's overall security.

Retail CBDC architectures and central bank-private sector cooperation

However, as households and firms hold direct claims on the central bank in a retail CBDC, some operational involvement of the central bank is inevitable. Exactly where the line is drawn between the respective roles of the central bank and private PSPs depends on data governance and the capacity for regulation of PSPs.

One possibility is an operational architecture in which the private sector onboards all clients, is responsible for enforcing AML/CFT regulations and ongoing due diligence, and conducts all retail payments in real time. However, the central bank also records retail balances. This "hybrid" CBDC architecture (Graph III.7, centre panel) allows the central bank to act as a backstop to the payment system. Should a PSP fail, the central bank has the necessary information – the balances of the PSP's clients – allowing it to substitute for the PSP and guarantee a working payment system. The e-CNY, the CBDC issued by the People's Bank of China and currently in a trial phase, exemplifies such a hybrid design.23

An alternative model is one in which the central bank does not record retail transactions, but only the wholesale balances of individual PSPs (Graph III.7, bottom panel). The detailed records of retail transactions are maintained by the PSP. The benefits of such an "intermediated" CBDC architecture would be a diminished need for centralised data collection and perhaps better data security due to the decentralised nature of record-keeping – aspects that have been discussed in several advanced economies.24 By reducing the concentration of data, such designs could also enhance privacy (see next section). The downside is that additional safeguards and prudential standards would be necessary, as PSPs would need to be supervised to ensure at all times that the wholesale holdings they communicate to the central bank accurately reflect the retail holdings of their clients.

An important aspect of any technical system for a CBDC is that it embodies a digital ledger recording who has paid what to whom and when. The ledger effectively serves as the memory of all transactions in the economy.25 The idea that money embodies the economy's memory means that a key design choice is whether a CBDC should rely on a trusted central authority to maintain the transactions ledger, or whether it is based on a decentralised governance system. In both a hybrid and an intermediated architecture, the central bank can choose to run the infrastructure to support record-keeping, messaging and related tasks, or delegate these tasks to a private sector provider.

Assessing the merits of each approach is an area of ongoing research. These studies also cover novel forms of decentralisation enabled via distributed ledger technology (DLT, see glossary). So-called permissioned DLT is envisioned in many current CBDC prototypes. In the process of updating the ledger of payment records, such permissioned DLT systems borrow concepts from decentralised cryptocurrencies, but remedy the problems due to illicit activity by allowing validation only by a network of vetted or permissioned validators.

Permissioned DLT designs may have economic potential in financial markets and payments due to enhanced robustness and the potentially lower cost of achieving good governance, as compared with systems with a central intermediary. However, such resilience does not come for free, as an effective decentralised design that ensures the right incentives of the different validators is costly to maintain. On balance, a trusted centralised design may often be superior, as it depends less on aligning the incentives of multiple private parties.26

These design choices will also have a bearing on the industrial organisation of the market for payments. They will determine the requirements for data governance and privacy, as well as the resultant DNA loop and market structure.

In the hybrid CBDC model, the central bank would have access to the full record of CBDC transactions. This would lead to a competitive level playing field among private PSPs, but comes at the expense of a greater concentration of data in the hands of the central bank itself. Additional data governance requirements may be needed in such cases, as we discuss below.

An intermediated CBDC model would have economic consequences that are similar to those of today's retail FPS. These are based on an open architecture in which PSPs retain an important role in protecting customer data. In such systems, APIs ensure interoperability and data access between PSPs (see Box III.B above), thereby avoiding closed networks and walled gardens. Instead, PSPs would operate customer wallets as a custodian, rather than holding deposit liabilities vis-à-vis the users of the payment system. This would simplify the settlement process. Further, a level playing field ensures that network effects would facilitate a virtuous cycle of greater user participation and lower costs through competition and private sector innovation.

However, any CBDC architecture faces issues of data governance. The risks of data breaches would put an additional onus on the institutional and legal safeguards for data protection. This consideration also applies to today's conventional payment system, in which PSPs store customer data. Yet data privacy and cyber resilience take on added importance in a system with a CBDC, especially on the part of the issuing central bank. To address these concerns, CBDC designs can incorporate varying degrees of anonymity, as discussed in the next section.

CBDCs can be designed to have a limited financial system footprint – like cash today

In addition to these operational considerations, the broader impact on financial intermediation activity is an important consideration in assessing the economic impact of CBDCs. Just like cash, CBDCs can be designed to maximise usefulness in payments, without giving rise to large inflows onto the central bank's balance sheet. The design of CBDCs should further mitigate the systemic implications for financial intermediation, by ensuring that commercial banks can continue to serve as intermediaries between savers and borrowers. While cash offers safety and convenience in payments, it is not widely used as store of value. Today, consumers' holdings of cash for payment purposes are in fact minimal in comparison with sight deposits at commercial banks (Graph III.8).

Central banks have ample scope to ensure the smooth functioning of intermediation activities and possess the tools to achieve this objective (Table III.2). One option is to remunerate CBDC holdings at a lower interest rate than that on commercial bank deposits.27 Just as cash holdings offer no remuneration, a central bank could pay zero interest, or in principle a negative interest rate. For CBDCs tied to an identity scheme (ie account-based CBDCs), any potential encroachment on private intermediaries could be further mitigated via caps that restrict the amount of CBDC held by households and businesses. Another option might combine caps and an interest rate policy, with CBDC balances below a given level earning a zero or low interest rate and balances above that level earning a negative interest rate. One caveat with hard caps is that households or firms that have reached their cap could not accept incoming payments, resulting in a broken payment process. To ensure that households and firms can accept incoming payments at all times, any funds in excess of a cap could be transferred automatically to a linked commercial bank deposit account – the so-called overflow approach.28 Caps, overflows and remuneration policies would not only limit the impact of a CBDC on credit intermediation in normal times, but they could also mitigate potential runs into the CBDC during market turmoil. Central banks might devise various ways of deterring "digital runs" from commercial banks to CBDCs in times of stress.29

Store-of-value properties of cash, CBDCs and bank deposits

On top of these considerations, an economic design which limits a CBDC's footprint would also ensure that its issuance does not impair the monetary policy transmission process. Instead, interest-bearing CBDCs would give central banks an additional instrument for steering real activity and inflation.30 If changes to the policy rate were directly passed through to CBDC remuneration, monetary transmission could be strengthened. There has also been discussion about the use of CBDCs to stimulate aggregate demand through direct transfers to the public. Rather than the use of the CBDC per se, the key challenge for such transfers is to identify recipients and their accounts.31 In any case, as CBDCs would coexist with cash, users would have access to either instrument, and it is unlikely that deeply negative interest rates would prevail, or that CBDC would materially change the effective lower bound on monetary policy rates.

Overall, a two-tiered architecture emerges as the most promising direction for the design of the overall payment system, in which central banks provide the foundations while leaving consumer-facing tasks to the private sector. In such a system, PSPs can continue to generate revenue from fees as well as benefiting from an expanded customer base through the provision of CBDC wallets and additional embedded digital services. A CBDC grounded in such a two-tiered system also ensures that commercial banks can maintain their vital function of intermediating funds in the economy. Both hybrid and intermediated models give central banks design options for sound data governance and high privacy standards. In either system, CBDCs could be supported by policy tools so that any unintended ramifications for the financial system and monetary policy could be mitigated.

Effective identification is crucial to every payment system. It guarantees the system's safety and integrity, by preventing fraud and bolstering efforts to counter money laundering and other illicit activities. Sound identification is further required to ensure equal access for all users.

To ensure access and integrity in today's financial system, bank and non-bank PSPs verify identity. When customers open an account, PSPs often demand physical documents, eg passports or driving licenses. For cash, small transactions are anonymous and largely unregulated for practical reasons, but identity checks apply to high-value payments. Despite these measures, identity fraud is a key concern in the digital economy.32 These considerations suggest that a token-based CBDC which comes with full anonymity could facilitate illegal activity, and is therefore unlikely to serve the public interest.33

Identification at some level is hence central in the design of CBDCs. This calls for a CBDC that is account-based and ultimately tied to a digital identity, but with safeguards on data privacy as additional features. A digital identity scheme, which could combine information from a variety of sources to circumvent the need for paper-based documentation, will thus play an important role in such an account-based design. By drawing on information from national registries and from other public and private sources, such as education certificates, tax and benefits records, property registries etc, a digital ID serves to establish individual identities online.34 It opens up access to a range of digital services, for example when opening a transaction account or online shopping, and protects against fraud and identity theft.

Assuming that CBDCs are to be account-based, an important question is who should verify the identity of an individual seeking to join the network of CBDC users, and how this verification should be done. Digital ID schemes have already emerged in several countries, but their specific designs and the relative roles of the public and private sector differ substantially (Graph III.9).

A broad range of public and private solutions for a digital ID

At one end of the spectrum are systems that rely exclusively on private parties to verify identity. Big techs such as Google or Facebook, and Alibaba or Tencent in China have developed their own digital IDs that are required for many of their services, including payment apps (panel 1). In some cases, consortiums of private firms provide a harmonised ID that works across multiple providers (panel 2). For example, yes® will allow customers of Germany's savings and cooperative banks to use their online banking details as a digital ID. The main drawback of purely private IDs is that they are limited to the specific network for which they are designed, and hence may lead to silos and limited interoperability with other services.

Some countries follow models based on public-private partnership. In one variant, market-driven collaboration is guided by principles set out by the authorities (panel 3). For instance, a consortium of banks in Sweden developed the BankID solution, which allows users to authenticate themselves for payments and government services. Similar solutions are offered in Denmark, Finland and Norway.

Proceeding one step further are systems in which the private and official sector develop a common governance framework and strive for interoperability between their services, as seen in France or the Netherlands (panel 4). Government-led solutions represent the furthest-reaching model (panel 5). These allow administrative databases to be linked up, further enhancing the functionality and usefulness of digital ID. For example, Estonia provides every citizen with a digital identity that allows access to all of the country's e-services. In Singapore, the SingPass platform provides a digital identity linked to individuals' biometrics (facial recognition and fingerprints). The Kenyan Huduma Namba system brings together information from various sources and allows access to a range of public services.

In an alternative, nascent model of digital ID, an individual has ownership and control over their credentials. These can be selectively shared with counterparties, who can verify that the credentials belong to a valid issuer. In such a "federated" model, different attributes of each person are recorded and issued by different entities. A federated digital ID (see glossary) could potentially allow for identification alongside decentralised storage of data.

Any identification framework requires a high standard of cyber security. PSPs have been frequently targeted by cyber attacks, both before and during the Covid-19 pandemic (Graph III.10, left-hand panel). The rising incidence of major data breaches in recent years, in particular at financial institutions (right-hand panel), underscores the possibility that data or funds may be stolen. Such risks would be similar for CBDC payment services.

Addressing cyber risks and data breaches is key for CBDC  design

These risks underline that, while identification (based on a unique digital ID) is crucial for the safety of the payment system and transactions in a CBDC, there is a countervailing imperative to protect the privacy and safety of users. Beyond theft, the combination of transaction, geolocation, social media and search data raises concerns about data abuse and even personal safety. As such, protecting an individual's privacy from both commercial providers and governments has the attributes of a basic right. In this light, preventing the erosion of privacy warrants a cautious approach to digital identity.

Consequently, it is most useful to implement anonymity with respect to specific parties, such as PSPs, businesses or public agencies. CBDC designs can allow for privacy by separating payment services from control over the resulting data. Like some FPS, CBDCs could give users control over their payments data, which they need only share with PSPs or third parties as they decide (eg to support a credit application or other services). This can protect against data hoarding and abuse of personal data by commercial parties. Such designs can also prevent access by the central bank and other public authorities, while still allowing access by law enforcement authorities in exceptional cases – similar to today's bank secrecy laws. In addition to the issue of who can access data, governance issues need to be addressed with respect to who holds the data. Concentration of data in the hands of a single entity puts an additional premium on the institutional and legal safeguards for data protection.

In recognition of these data governance issues, some CBDC designs aim to safeguard anonymity through additional overlays, even for account-based CBDCs. One proposal is to ensure the anonymity of small-value transactions by issuing vouchers which are maintained by a separate data registrar that issues them up to some limit in the user's name. Another approach, considered in the case of China's e-CNY, is to shield the identity of the user by designating the user's public key, which is issued by the mobile phone operator, as the digital ID. The central bank would not have access to the underlying personal details.35

Overall, these developments suggest that the most promising way of providing central bank money in the digital age is an account-based CBDC built on digital ID with official sector involvement. Digital ID could prove more efficient than physical documents, opening up many ways of supporting digital services in general. One size would not fit all in the choice of digital identification systems, as different societies will have different needs and preferences. A recent referendum in Switzerland illustrates this. While voters did not object to a digital ID in general, they rejected the proposal for one provided by the private sector.36 The foundational, public good nature of digital ID suggests that the public sector has an important role to play in providing or regulating such systems.

The globalisation of economic activity has required a commensurate evolution of cross-border online services. The massive growth of travel and remittances has led to rising demand for cross-border retail payment services.37 International tourism expenditures, for instance, have doubled over the past 15 years, while the number of parcels shipped across borders has more than tripled. In just one decade, global remittances rose by two thirds, to $720 billion in 2019 (Graph III.11, left-hand panel). Yet payment services do not work seamlessly across borders, as they are at times slow, expensive, opaque and cumbersome to use.

CBDCs could pave the way for innovations that improve international payments. They can make use of the fact that retail users have direct claims on central bank money to simplify the monetary architecture.38 However, design features matter for their overall impact in the cross-border context and whether CBDCs will serve the broader public interest. One potential concern is that the use of CBDCs across borders might exacerbate the risk of currency substitution, whereby a foreign digital currency displaces the domestic currency to the detriment of financial stability and monetary sovereignty. Indeed, a number of central banks see currency substitution – along with tax avoidance and more volatile exchange rates – as a key risk that they are addressing in their work on CBDCs (Graph III.11, centre panel).39

Cross-border retail activity is rising, but  dollarisation  is primarily a trust issue

Such concerns around potential harmful spillovers associated with currency substitution are not new. So-called dollarisation refers to the domestic use of a foreign currency in daily transactions and financial contracts, as well as the associated macroeconomic implications. Dollarisation, a long-running theme in international finance, is widespread in some economies.

However, the effective design of CBDCs based on digital ID and implemented as an account-based system can be expected to largely eliminate such risks. The potential for a foreign CBDC to make deep inroads into the domestic market, or to take off as a "dominant" global currency, is likely to be limited. For example, for China's account-based e-CNY to circulate widely in another jurisdiction, both the issuing central bank (the People's Bank of China), and to a large extent also the central bank of the receiving jurisdiction would need to accept this situation. The issuing central bank would need to recognise a foreign user's digital ID as that of a bona fide member of the CBDC network. The idea of paper currency circulating in the black market is thus an inaccurate analogy to how a CBDC would operate. In this sense, CBDCs have attributes that are very different to those of cash, even though both are direct claims on the central bank.

More broadly, it is important to bear in mind the dictum that the payment system does not exist in a vacuum. Payments mirror underlying economic transactions. The existence of a payment need reflects the economic transaction between the payer and the payee, for instance, a tourist from China who is shopping at a department store in a foreign holiday destination. Since issuing central banks would retain control over cross-border usage, they could restrict non-residents' access to their currency to certain permitted transactions only. This might reduce the risk of volatile flows and currency substitution in recipient economies. Such restrictions would resemble existing rules governing how non-residents can open a bank account outside their home country.

Not only issuing, but also recipient economies have policy tools to address the concerns of digital currency substitution. In particular, robust legal tender provisions can ensure that the use of the national currency is favoured in domestic payments.

For these reasons, the risks of currency substitution from cross-border use of CBDCs may be limited and could be addressed largely through international monetary cooperation. The widespread international use of some currencies stems from other factors, such as the depth, efficiency and openness of a country's financial markets, trust in a currency's long-run value and confidence in the institutional and legal infrastructure. For instance, dollarisation is typically higher in countries with historically high inflation (Graph III.11, right-hand panel). A foreign currency is unlikely to gain a domestic foothold just because it is digital.

The cross-border use of account-based CBDCs will require international cooperation. One challenge relates to the use of digital ID information outside the originating country. The issuing authority or user may not be willing to provide this information to countries that may have different data protection regulations. ID systems may be not fully interoperable. Indeed, even within a jurisdiction, ID documents may be issued by several different public authorities, sometimes with limited coordination between them. As a supranational digital ID would require unprecedented concentration of an individual's information, it would be politically fraught. However, a supranational digital ID scheme would not be necessary for cross-border cooperation on CBDCs.

Instead, international efforts towards mutually recognising national ID credentials are a more promising approach. A G20 roadmap for cross-border payments has given impetus to cooperative efforts in several directions, complementing the standard-setting efforts among central banks in the BIS Committee for Payments and Market Infrastructures.40 One building block involves fostering KYC and sharing information on identity across borders. Another involves reviewing the interaction between data frameworks and cross-border payments, and yet another involves factoring an international dimension into CBDC design.41

Such cooperation could form the basis for robust payment arrangements that tackle today's challenges head-on. Of particular promise are multi-CBDC (mCBDC) arrangements that join up CBDCs to interoperate across borders. These arrangements focus on coordinating national CBDC designs with consistent access frameworks and interlinkages to make cross-currency and cross-border payments more efficient. In this way, they represent an alternative to private sector global stablecoin projects.42

Multi-CBDC arrangements can facilitate cross-border payments

mCBDC arrangements would allow central banks to mitigate many of today's frictions by starting from a "clean slate", unburdened by legacy arrangements. There are three potential models. First, they could enhance compatibility for CBDCs via similar regulatory frameworks, market practices and messaging formats (Graph III.12, top panel). Second, they could interlink CBDC systems (middle panel), for example via technical interfaces that process end user-to-end user transactions across currency areas without going through any middlemen.

The greatest potential for improvement is offered by the third model, a single mCBDC system that features a jointly operated payment system hosting multiple CBDCs (bottom panel). FX settlements would be payment-versus-payment (PvP) by default, rather than requiring routeing or settlement instructions through a specific entity acting as an interface. Facilitating access and compatibility through such a system could benefit users through improved efficiency, lower costs and wider use of cross-border payments.

mCBDC  models offer an opportunity to improve cross-border payments

The potential benefits of these arrangements increase with the degree of harmonisation and technical alignment. Each would require increasingly intertwined identification schemes, but in all cases, ID would remain at a national level. Enhanced compatibility (model 1) might require some coordination of digital ID schemes across payment areas, such that the same necessary information could be used in each case to comply with AML/CFT requirements. Interlinked CBDCs (model 2) would have to rely on some common cross-border standard for identity schemes. An example is an approach that maps heterogeneous schemes to a shared template. Single mCBDC systems (model 3) could be built on similar standards. Yet even in this model, with a single, jointly operated mCBDC system, a single ID system would not be needed; it would be sufficient for participating jurisdictions to recognise one another's IDs. Making the most out of CBDCs in cross-currency transactions thus requires international cooperation.

Central banks around the world have embarked on developing mCBDC arrangements in close collaboration to foster more efficient cross-border payments. A prime example is the "mCBDC Bridge" project of the BIS Innovation Hub and its partner central banks in China, Hong Kong SAR, Thailand and the United Arab Emirates (model 3). This project explores how CBDCs could help to reduce costs, increase transparency and tackle regulatory complexities in payments.

A broader stocktake of central bank research and design efforts finds that, out of 47 public retail CBDC projects, 11 feature a cross-border dimension (Graph III.13, left-hand panel). Responses to a survey of major central banks highlight that about one in four is considering incorporating features to enhance cross-border and cross-currency settlement in future CBDC designs (centre panel). Among the central banks that do, all three mCBDC arrangements are being considered. While a single mCBDC (model 3) provides the most benefits from a technological perspective, the preferred choice at present is the interlinking mCBDC arrangement (model 2) – possibly reflecting the reduced need for cooperation. Additionally, some central banks are also considering taking on an operational role in FX conversion (right-hand panel).

Current and planned cross-border CBDC projects show that the future of the international financial system rests on upgrading it for the digital age. Different mCBDC arrangements might contribute towards this goal, but their detailed architecture will depend on the specific features of domestic CBDC systems. Even though payment system design is primarily a domestic choice, new technologies and models of cooperation will make it feasible to overcome the challenges faced by previous projects to interlink payment systems across borders.

Central banks stand at the centre of a rapid transformation of the financial sector and the payment system. Innovations such as cryptocurrencies, stablecoins and the walled garden ecosystems of big techs all tend to work against the public good element that underpins the payment system. The DNA loop, which should encourage a virtuous circle of greater access, lower costs and better services, is also capable of fomenting a vicious circle of entrenched market power and data concentration. The eventual outcome will depend not only on technology but on the underlying market structure and data governance framework.

Central banks around the world are working to safeguard public trust in money and payments during this period of upheaval. To shape the payment system of the future, they are fully engaged in the development of retail and wholesale CBDCs, alongside other innovations to enhance conventional payment systems. The aim of all these efforts is to foster innovation that serves the public interest.

CBDCs represent a unique opportunity to design a technologically advanced representation of central bank money, one that offers the unique features of finality, liquidity and integrity. Such currencies could form the backbone of a highly efficient new digital payment system by enabling broad access and providing strong data governance and privacy standards based on digital ID. To realise the full potential of CBDCs for more efficient cross-border payments, international collaboration will be paramount. Cooperation on CBDC designs will also open up new ways for central banks to counter foreign currency substitution and strengthen monetary sovereignty.

Access: as used in this chapter, this means the access of households and businesses to payment services (see "financial inclusion").

Account-based CBDC: a type of CBDC tied to an identification scheme, such that all users need to identify themselves to access it.

Application programming interface (API): a set of rules and specifications followed by software programmes to communicate with each other, and an interface between different software programmes that facilitates their interaction.
See www.bis.org/bcbs/publ/d486.pdf.

Central bank digital currency (CBDC): a digital payment instrument, denominated in the national unit of account, that is a direct liability of the central bank.
See www.bis.org/publ/othp33.pdf.

Cross-border and cross-currency payments: cross-border payments are those where the payer and payee reside in different jurisdictions. Many, but not all, of these are also cross-currency payments – that is, payments where the payer and payee are respectively debited and credited in different currencies. Payments within monetary unions or payments in a common invoice currency may be cross-border but not cross-currency.
See www.bis.org/publ/qtrpdf/r_qt2003h.htm.

Distributed ledger technology (DLT): the processes and related technologies that enable nodes in a network (or arrangement) to securely propose, validate and record state changes (or updates) to a synchronised ledger that is distributed across the network's nodes.
See www.bis.org/cpmi/publ/d157.pdf.

Data-Network-Activities (DNA) loop: the self-reinforcing loop between data, network externalities and activities, as generated on big techs' online platforms (social networks, e-commerce platforms and search engines), that allow different types of user to interact.
See https://www.bis.org/publ/arpdf/ar2019e3.htm.

Efficiency: the efficiency of payments refers to low costs, and in some cases also to the speed, quality and transparency of payments.

Fast payment system (FPS): a payment system in which the transmission of the payment message and the availability of final funds to the payee occur in real time or near-real time and on as near to a 24-hour and seven-day (24/7) basis as possible.
See www.bis.org/cpmi/publ/d154.pdf.

Federated digital ID: a digital identity system in which an individual's personal identity is stored in several distinct identity systems, while allowing for interoperability and authentication across systems and external applications.

Financial inclusion: universal access to, and frequent use of, a wide range of reasonably priced financial services, in particular transaction accounts.
See UFA2020 Overview: Universal Financial Access by 2020 and www.bis.org/cpmi/publ/d191.pdf.

Integrity: compliance with rules against unlawful action, including the adherence to rules against bribery and corruption, anti-money laundering and combating the financing of terrorism; as well as consistent and complete reporting.
See Assessing Financial System Integrity-Anti-Money Laundering and Combating the Financing of Terrorism.

Payment service provider (PSP): an entity that may issue payment instruments or provide retail payment services. This can include commercial banks and non-bank financial institutions.

Retail (or general-purpose) CBDC: a CBDC for use by the general public.

Safety: the "safety" of different forms of money, in the context of their use as settlement assets, means the likelihood of the asset retaining its value to the holder, and hence its acceptability to others as a means of payment.
See www.bis.org/cpmi/publ/d55.pdf.

Token-based CBDC: a type of CBDC secured via passwords such as digital signatures that can be accessed anonymously.

Ultimate finality: final settlement in central bank money. Finality is achieved when settlement of an obligation is legally irrevocable and unconditional. The choice of settlement asset is important as, even when the original payment obligation is fully extinguished (ie paid with finality), there can be both credit and liquidity risks for the payee associated with holding the resulting settlement asset. The related term "ultimate settlement" combines the concept of settlement being final with the concept of the settlement asset being the least risky possible.
See www.bis.org/cpmi/publ/d55.pdf.

Wholesale CBDC: a CBDC for use by financial institutions (wholesale transactions) that is different from balances in traditional bank reserves or settlement accounts.
See www.bis.org/cpmi/publ/d174.pdf.

1 See Group of central banks, Central bank digital currencies: foundational principles and core features, October 2020.

2 See Committee on Payments and Market Infrastructures (CPMI), Fast payments – enhancing the speed and availability of retail payments, November 2016.

3 See M Bech, J Hancock and W Zhang, "Fast retail payment systems", BIS Quarterly Review, March 2020, p 28.

4 See S Foley, J Karlsen and T Putniņš, "Sex, drugs, and bitcoin: how much illegal activity is financed through cryptocurrencies?", The Review of Financial Studies, vol 32, no 5, May 2019, pp 1798–853; M Paquet-Clouston, B Haslhofer and B Dupont, "Ransomware payments in the Bitcoin ecosystem", Journal of Cybersecurity, May 2019, pp 1–11.

5 In early June 2021 the estimated annualised electricity consumption of the Bitcoin network was roughly the same as that of the Netherlands. See Cambridge Bitcoin Energy Consumption Index, www.cbeci.org.

6 For a discussion of the risks to stablecoins' value backing, and potential use cases, see D Arner, R Auer and J Frost, "Stablecoins: risks, potential and regulation", Bank of Spain, Financial Stability Review, November 2020.

7 See J Frost, L Gambacorta, Y Huang, H S Shin and P Zbinden, "BigTech and the changing structure of financial intermediation", Economic Policy, vol 34, no 100, October 2019, pp 761–99.

8 See R McMorrow, "China tech groups given a month to fix antitrust practices", Financial Times, 13 April, 2021.

9 See F Restoy, "Fintech regulation: how to achieve a level playing field", FSI Occasional Papers, no 17, February 2021.

10 See J Stiglitz and J Rosengard, Economics of the Public Sector, fourth edition, New York, W W Norton & Company, 2015.

11 See Reuters, "Brazil antitrust watchdog questions Facebook's WhatsApp payment fees", 28 July 2020.

12 See CPMI and World Bank, Payment aspects of financial inclusion in the fintech era, April 2020.

13 See M Kutzbach, A Lloro, J Weinstein and K Chu, "How America Banks: household use of banking and financial services", FDIC Survey, October 2020; R Auer, J Frost, T Lammer, T Rice and A Wadsworth, "Inclusive payments for the post-pandemic world", SUERF Policy Notes, September 2020; World Bank, Findex.

14 See A Carstens, "The future of money and the payment system: what role for central banks", lecture at Princeton University, Princeton, 5 December 2019.

15 See C Kahn, "How are payment accounts special?" Payments innovation, symposium, Federal Reserve Bank of Chicago, October 2016.

16 See BIS, "Central banks and payments in the digital era", Annual Economic Report June 2020, Chapter III.

17 See A Carstens, "Central bank digital currencies: putting a big idea into practice", speech at the Peterson Institute for International Economics, 31 March 2021.

18 In today's payment systems, both real-time and deferred net settlement are used. Examples of the latter include SNCE in Spain, IBPS in China and FPS in the United Kingdom, while examples of the former include TIPS in the euro area and BiR in Sweden. Among the CPMI members, 12 FPS use deferred net settlement while 15 use real-time settlement.

19 See C Boar and A Wehrli, "Ready, steady, go? – Results of the third BIS survey on central bank digital currency", BIS Papers, no 114, January 2021.

20 See A Carstens, "The future of money and payments", Bank of Ireland Whitaker Lecture, Dublin, 22 March 2019.

21 The various CBDC architectures are described in R Auer and R Böhme, "The technology of retail central bank digital currency", BIS Quarterly Review, March 2020, pp 85–100; R Auer and R Böhme, "Central bank digital currency: the quest for minimally invasive technology", BIS Working Papers, no 948, June 2021.

22 Banks must know or estimate borrowers' solvency to price the associated risk. Public sector institutions may not have the same degree of relevant knowledge as local and specialised private lenders do. This is the core case for free markets, as presented in F Hayek, "The use of knowledge in society", American Economic Review, vol 35, no 4, 1945, pp 519–30.

23 See the discussion of the e-CNY project in R Auer, G Cornelli and J Frost, "Rise of the central bank digital currencies: drivers, approaches and technologies", BIS Working Papers, no 880, August 2020.

24 See eg J Powell, "Letter to Congressman French Hill", 19 November 2019.

25 See BIS (2020), op cit; N Kocherlakota and N Wallace, "Incomplete record-keeping and optimal payment arrangements," Journal of Economic Theory, vol 81, no 2, 1998, pp 272–89; C Kahn and W Roberds, "Why pay? An introduction to payments economics", Journal of Financial Intermediation, vol 18, no 1, January 2009, pp 1–23.

26 See R Auer, C Monnet and H S Shin "Permissioned distributed ledgers and the governance of money", BIS Working Papers, no 924, January 2021.

27 See eg D Andolfatto, "Assessing the impact of central bank digital currency on private banks", The Economic Journal, vol 131, no 634, February 2021, pp 525–40; and J Fernandez-Villaverde, D Sanches, L Schilling and H Uhlig, "Central bank digital currency: central banking for all?", NBER Working Papers, no 26753, February 2020.

28 See U Bindseil, "Tiered CBDC and the financial system", ECB Working Paper Series, no 2351, January 2020.

29 See Bindseil (2020), op cit.

30 See M Bordo and R Levine, "Central bank digital currency and the future of monetary policy", Hoover Institution Working Papers, 2017. The authors advocate the introduction of CBDCs so that central banks can implement negative interest rate policies more effectively.

31 See CPMI and Markets Committee, Central bank digital currencies, March 2018.

32 US data show that reports of identity theft have risen steadily over the last years. See Federal Trade Commission, "Consumer Sentinel Network Data Book 2020", February 2021.

33 Because of their digital, borderless nature, fully anonymous CBDCs could become a vehicle for illicit activity. Even with transaction limits, there is the potential for "smurfing", or laundering the proceeds of illicit transactions into many smaller transactions or accounts.

34 For a relevant discussion, see UK Department for Digital, Culture, Media and Sport, "The UK digital identity and attributes trust framework", February 2021.

35 See, for proposals of such semi-anonymous designs, Auer, Cornelli and Frost (2020), op cit; ECB, "Exploring anonymity in central bank digital currencies", In Focus, no 4, December 2019; Reuters, Technology News, "China's digital currency not seeking 'full control' of individuals' details – central bank official", 12 November 2019.

36 Switzerland's "E-ID Referendum" took place on 7 March 2021. The referendum was on the introduction of a digital ID for Swiss citizens, which would be provided by private companies. While 36% of voters backed the proposal, 64% rejected it. 

37 See B Cœuré, "Digital challenges to the international monetary and financial system", speech at a conference on "The future of the international monetary system", Luxembourg, 17 September 2019.

38 See R Auer, C Boar, G Cornelli, J Frost, H Holden and A Wehrli, "CBDCs beyond borders: results from a survey of central banks", BIS Papers, no 116, June 2021.

39  See M Ferrari, A Mehl and L Stracca, "Central bank digital currency in an open economy", ECB Working Paper Series, no 2488, November 2020.

40  See G20 Finance Ministers and Central Bank Governors, Communiqué, Riyadh, 23 February 2020.

41  See CPMI, Enhancing cross-border payments: building blocks of a global roadmap, July 2020.

42  As argued by Carstens (2021), op cit.