Back Matter
  • 1, International Monetary Fund
  • | 2, International Monetary Fund
  • | 3, International Monetary Fund
  • | 4, International Monetary Fund
  • | 5, International Monetary Fund
  • | 6, International Monetary Fund


Annex 1. Countries Where Retail CBDC is Being Explored54

Jurisdictions Where Retail CBDC Is Being Explored (as of May 27, 2020)

article image
Sources: Central banks or various news sources per hyperlinks above. Italicized entries are sourced from news articles. Information has not been verified through official channels.

Annex 2. Process, Roles, and Responsibilities

The CBDC life cycle is likely to resemble at least parts of that of physical cash currency (see figure). In the case of the physical version, the first part of the cycle is to forecast the demand for cash currency, based on relevant economic data, including cyclical demand. These could be related, for instance, to national holidays, reasonably predictable shocks, such as inclement weather or even natural disasters, and agricultural cycles. This is particularly relevant for those countries where agriculture is still largely cash based.

The design of the notes would need to account for optical and security-related features. Following the forecast, the second part of the cycle is to design bank notes and/or coins. This includes optical designs (often reflecting symbols of national identity) as well as security aspects to prevent or significantly limit counterfeiting. The design of the Uruguayan e-Peso digital notes included a series ID number so the notes can be traced back to a specific user through their wallet.

CBDC, as a digital representation of the fiat currency created through an entry in a database or through token creation for the CBDC counterpart, is somewhat like the minting of coins and printing of bank notes. The creation of the CBDC could be done by the monetary authority, or, as with physical currency, outsourced following adequate governance and cybersecurity measures. Most central bank pilots are outsourcing this step, though this entails several operational risks that the central bank needs to identify, mitigate, and monitor (see Section V.B). After the creation process has been completed, the monetary authority will issue the CBDC. Since the process of creation can be almost instantaneous, issuance and creation could be linked. Although creation could be outsourced, issuance will remain a prerogative of the monetary authority (see Section V.A).

Independent of the operating model, the onboarding and identification procedures, responsibilities and costs should be thoroughly analyzed. It is still hard to implement it using a straight through process, and the ECCB pilot, for example, relies on a two-tier system to reduce costs and risk. The Uruguay e-Peso pilot fully outsourced compliance with identification requirements to the user-facing payment system providers. There are several digital identity solutions that central banks could leverage to strengthen the implementation of identification requirements in the context of CBDC.

Central banks need to discuss scenarios under which invalidation and destruction would be required as the last two possible steps of the CBDC cycle (see above figure). For instance, court orders or suspicious activities may require temporary deactivation of CBDC user accounts or tokens that could be reactivated later, without necessarily going through destruction and recreation. It should be noted that some freezing measures could be mandatory and/or permanent for financial integrity purposes.55

Anticipating the possibility of destruction may support more profound changes to the CBDC. One example relates to changes of the technology underlying the CBDC should it become obsolete and require replacement. Another similar example may occur when a third-party provider with proprietary technology compromises the security or robustness of the CBDC, which would require switching the implementation partner. In both cases, a predictable process for CBDC destruction helps ensure business continuity and address unexpected challenges. This could be implemented in the database level, with a status indicator, or in the context of DLT-based systems, the destruction could also be implemented through transferring CBDCs into a wallet that nobody has the private key and thus no possibility to transfer them out of it.

Annex 3. Additional Cybersecurity Considerations

The business and process layer

Security risks within the business layer could result in vulnerabilities and design flaws which could lead to security breaches and loss of trust. Key concerns include node protection, brute-force and availability disruption. To mitigate such risks, stakeholders – business and IT -should analyze each process/use-case to design the CBDC ecosystem with the mindset of defense-in-depth; while defining precisely each participant’s role and activities and applying security methodologies like least-privilege and need-to-know bases accordingly. A retail CBDC’s wide availability makes it more exposed to abuse of privileged access to the backend systems, if poorly designed.

The development, update and maintenance process of the CBDC platform carries a different set of security concerns. Failure to protect and monitor the source-code could lead to the injection of malicious code into the backend or interfaces of the CBDC systems.56 It is important that the source-code for the backend and interfaces applications be monitored and protected, and access and modifications be restricted through proper process and security controls. In addition, third-party libraries should systematically be examined for malicious code or vulnerabilities before integration, and before applying updates.

Cyber sovereignty risk should also be considered during the design and planning phases where the IT infrastructure of the entire country could be attacked and brought down by external actors; as a result, any CBDC could be brought down or rendered partially dysfunctional.

The infrastructure and application layer

A key decision is whether the CBDC network, servers, databases and data should be deployed within their own datacenter or a cloud/third party provider’s network. In the case of an external-hosted CBDC model, the CBDC will have to be planned and designed around some model-specific security risks. For example, the insider threat is a risk to both deployment methods, but it may be more prominent with an externally-hosted CBDC.57

Data sovereignty should also be considered during the design and planning phases of CBDC. This is because sensitive, and possibly personal data processed/stored within a foreign cloud provider could likely end up outside the central bank’s country borders. In consequence, this data may be subject to the laws and legal jurisdiction of other countries and could be summoned and disclosed to other governments without the issuing central bank’s approval or knowledge.

Cloud-hosted CBDC can suffer from shared vulnerabilities within the cloud provider’s systems, services and network components. These shared vulnerabilities can seriously undermine the integrity of the ledger and could lead to major CBDC disruptions or theft. One prominent example is the Cloudbleed vulnerability discovered in 2017 within Cloudflare, a widely used cloud provider (Prince, 2017). Cloudbleed impacted many customers and was a serious security risk to Cloudflare’s customers and their sensitive data.

CBDC’s physical layer, regardless of the hosting model, can suffer from hardware vulnerabilities. Although hardware vulnerabilities are rare; they tend to be severe and very difficult and costly to fix. Recent examples, discovered in early 2018, were the meltdown and spectre vulnerabilities in Intel x86 microprocessors (Schneier, 2018a).

The application layer is where most of the digital currency functions and processing take place. CBDC security concerns are focused around the exposed components like websites or web services etc. These interfaces are an attractive target for malicious users, especially administrative and privileged interfaces. Bitcoin Central reported a breach within their web interface where a malicious user was able to reset the privileged account password of their hosting provider and lock the exchange out of their website (Bradbury, 2013).

CBDC storage/backup and access of the encryption keys, or the authentication/ authorization secrets, are attractive targets for attackers. Most of the recent reported digital currency exchange breaches were due to improper storage and processing of private keys combined with poor system design. In the Coincheck 2018 breach, improper private key security processes resulted in more than $400 million in losses (Reuters, 2018). Risks of such breaches can be mitigated by emphasizing properly handling encryption keys during the CBDC design phase and giving appropriate guidance to end-users on how to protect and access their encryption keys or authentication/ authorization secrets.

Quantum computing is an evolving field and could pose a direct threat to encryption in general.58 However, the threat is more prominent with asymmetric encryption algorithms, which is the core component for authentication and authorization in DLT-based platforms (Schneier, 2018b). Although quantum computing is in its early stages it is advancing rapidly so DLT-based platform encryption algorithms should be designed for future flexibility for when quantum computing becomes a threat. Research initiatives are already ongoing to develop “post-quantum” or “quantum-safe” cryptographic algorithms. The U.S. National Institute of Standards and Technology (NIST) has already short-listed 26 out of 69 candidates to the semifinals; a selection is expected to take place by 2024 (NIST, 2019).

Annex 4. Blockchain Primer

Blockchain describes the format of a computerized ledger, in which valid transactions are organized in blocks. The blocks are cryptographically linked to each other in a chronological chain to ensure integrity even in an environment that the participants do not know each other (Mills and others, 2016). Only new blocks can be added to the chain, and as a verified block has been added it cannot be changed or deleted, rendering the chain immutable. Transactions are broadcast real-time across the network of participants, which eliminates the need for reconciliation or intermediation. This can reduce settlement time, lower back-office costs, and secure data transmission (Casey, 2018).

Broadly speaking, blockchain networks can be categorized along two dimensions; who can access the network and who validates transactions.

  • On a public blockchain access and interaction with the network is unrestricted and the identity of its participants is semi-anonymous. (Although the identity of network participants is not disclosed it can be ascertained based on a participant’s internet protocol (IP) address, location, and other identifying meta data.59) Consortium blockchain access, on the other hand, is granted only to selected participants. Private blockchains keep write permissions to one entity, although read permissions may be more open.

  • In a permissionless network anyone can participate in validating transactions in contrast to only selected participants within a permissioned network. Validation is the process that ensures that all participating nodes60 are synchronized and in agreement on the legitimacy of added transaction blocks. Consensus must be reached after each new block is added, and only after that can the block be considered immutable. Depending on the design, this could lead to finality uncertainty in the meantime (U.K. 2016; Mills and others, 2016; ECB 2016; Deloitte 2016).

The more restricted the network (private, permissioned) the more it looks like traditional centralized systems. The choice between permissionless and permissioned networks center around the ability to create trust among network participants and the ability to scale.

  • Permissionless platforms offer opportunities for full disintermediation but creating trust among network participants through cryptographic verification and synchronization can require high computational power. The increased computational power translates into higher energy consumption and lower throughput, which inhibits the ability to scale.

  • Permissioned platforms are based on relatively simple consensus mechanisms, since only approved participants can update the ledger. However, they are more susceptible to cyber-attacks than permissionless platforms, because it takes the compromise of only one trusted node were to bring down the network. Also, a centralized authority must determine which consensus to use, how many nodes should participate in the network and who authorizes new nodes. In addition, someone must (determine and) validate cybersecurity requirements, and decide when to upgrade and validate the code.

Public, Private and Permissioned Blockchains

Citation: IMF Working Papers 2020, 104; 10.5089/9781513547787.001.A999

Source: Kalisko 2018.

The type of consensus mechanism will depend on whether a permissioned or permission less blockchain platform is chosen.

  • Practical Byzantine Fault Tolerance (PBFT) is the most popular permissioned blockchain consensus protocol. It can reach a consensus on the validation of transactions despite the potential existence of malicious nodes in the system that are failing or propagating incorrect information to the network. A consensus decision is determined based on a majority vote submitted by all participating nodes. The objective is to defend against system failures by mitigating the malicious activities by hostile nodes that aim at impeding the correct functioning of the network. However, the PBFT protocol works only on a permissioned blockchain because there is no anonymity.

  • Proof of Work (PoW) protocol is the most common consensus mechanism among permissionless blockchains like Bitcoin. “Miners” compete to solve a cryptographic puzzle to add the next block to the chain. The first miner to solve the puzzle, receives a transaction fee and rewards in the form of newly minted crypto assets. This consensus mechanism requires high amounts of energy consumption. Another challenge is the lengthy time it takes for transaction confirmation (“finality”) which for Bitcoin can be up to 60 minutes.

  • Proof of Stake (PoS) consensus mechanisms were designed for public blockchains with a view to overcoming the challenges of PoW, particularly regarding the high energy consumption. Rather than competing through their computational power, miners buy stakes in coins at inception. The probability of being selected to validate the next block depends on the number of coins at stake. The validating node receives a processing fee, but no new coins are created. Although the PoS is more energy efficient and provides better finality, only the nodes with the highest stakes are permitted to have control of consensus. This can lead to centralization of consensus power, which promotes inequality among participants and exposes the network to vulnerabilities – one single malicious node with enough stake needs to use only financial means to potentially destroy the network (Jenks, 2018).

Several DLT wholesale CBDC implementations have been tested by central banks on payments and settlements systems (see table).61 The main DLT implementations are Hyperledger Fabric, Quorum and R3 Corda. Compared to public ones such as Bitcoin or Ethereum, they are designed for financial services or cross-industry use with features such as transaction confidentiality, high scalability and governance, etc. Among them, the differences are mainly in the implementations of the data privacy, smart contract languages, consensus rules and cross-ledger interoperability such as Hashed Time-Locked Contracts.62

Central Bank Payment System Experiments with Wholesale CBDC

article image
Sources:Bank of Canada. 2017. “Project Jasper: A Canadian Experiment with Distributed Ledger Technology for Domestic Interbank Payments Settlement.”Bank of Canada. 2017. “Project Jasper: A Canadian Experiment with Distributed Ledger Technology forDomestic Interbank Payments Settlement.”Bank of Canada. 2018. “Jasper Phase III: Securities Settlement Using Distributed Ledger Technology.”Bank of Canada and Monetary Authority of Singapore. 2019. “Jasper-Ubin Design Paper : Enabling Cross-Border High Value Transfer Using Distributed Ledger Technologies.”Banque de France. 2020. “Central Bank Digital Currency Experiments with the Banque de France: Call for Applications.”ECB-BoJ. 2017. “Payment Systems: Liquidity Saving Mechanisms in a Distributed Ledger Environment.”ECB-BoJ. 2018. “Securities Settlement Systems: Delivery-versus-Payment in a Distributed Ledger Environment.”ECB-BoJ. 2019. “Synchronized Cross-Border Payment.”HKMA-BoT. 2020. “Project Inthanon-LionRock: Leveraging Distributed Ledger Technology toIncrease Efficiency in Cross-Border Payments.”Saudi Arabian Monetary Authority. 2019. “A Statement on Launching “Aber” Project, the Common Digital Currency between Saudi Arabian Monetary Authority (SAMA) and United Arab EmiratesCentral Bank (UAECB).”Monetary Authority of Singapore. 2017. Project Ubin: SGD on Distributed Ledger.South African Reserve Bank. 2018. “Project Khokha: Exploring the Use of Distributed Ledger Technology for Interbank Payments Settlement in South Africa.”Bank of Thailand. 2019. “Project Inthanon: An application of Distributed Ledger Technology for aDecentralised Real Time Gross Settlement system using Wholesale Central Bank DigitalCurrency.”Bank of Thailand. 2019. “Project Inthanon: Enhancing Bond Lifecycle Functionalities & Programmable Compliance Using Distributed Ledger Technology.”

Corresponding author


The paper also benefited from comments and contributions from Tobias Adrian, Chris Erceg, Dong He, Tommaso Mancini-Griffoli, Wouter Bossu, Tamas Gaidosch, Dirk Jan Grolleman, Vikram Haksar, Nigel Jenkinson, Elias Kazarian, Marcello Miccoli, Mwanza Nkusu, Jan Nolte, Manasa Patnam, Nadine Schwarz, Tao Sun, Zhibo Tan, Itaru Yamamoto, David Andolfatto, Ahmed Faragallah, Michael Kumhof, David Mills, Harish Natarajan, Oya Pinar Ardic, Jorge Ponce, Adolfo Sarmiento, Cecilia Skingsley, Gynedi Srinivas, and Martin Summer. Donna Tomas provided excellent editorial assistance.


This paper does not cover wholesale CBDC (W-CBDC). W-CBDC is limited to a set of predefined user groups, typically banks and other members of national payment systems, whereas a retail CBDC is widely accessible to the public. See WEF (2020) for a broader analysis of CBDC issuance considerations that includes W-CBDC. See BIS (2019) for an extensive discussion of W-CBDC.


There are other digital forms of money backed by fiat currency but not issued by the monetary authority and are therefore not considered CBDC. These could include various forms of “b-money” such as credit and debit cards, and “e-money” like stored-value facilities (M-Pesa, AliPay and WeChat Pay). For a fuller discussion of digital money, see Adrian and Mancini-Griffoli (2019a).


Stablecoins are crypto-assets pegged to fiat currency. Crypto-assets are privately issued tokens that are digital representations of value that are not denominated in fiat currency, that depend primarily on cryptography and distributed ledger technology as part of their perceived or inherent value. Many asset-backed stablecoins have been launched. The biggest by far is Tether ($9.2 billion market capitalization on June 8, 2020), followed by USD Coin ($725 million), Paxos ($245 million), BinanceUSD ($170 million) TrueUSD ($140 million).


A smart contract encodes the terms of a traditional contract into a computer program and executes them automatically (BoE, 2020, and Box 3 in He and others, 2017).


By “active” is meant central banks which have convened projects to seriously explore retail CBDC or have undertaken pilots.


IMF staff have assessed that the potential benefits from revenue gains appear considerably smaller than the potential costs arising from economic, financial integrity, reputational, governance and legal risks. Given this, and in the absence of adequate measures to mitigate potential costs and risks, staff recommended that the Marshall Island authorities seriously reconsider the issuance of the SOV as legal tender (IMF, 2018).


For example, if there is an explicitly defined numerical inflation target, CBDC could be designed to notify when the inflation forecast is converging (or not) with the target (Sarwat, 2012).


Also, advanced data analytics involves a high degree of complexity that requires adequate resources, time and data. Setting up, training, testing and maintaining machine learning models demand substantive time commitment by subject matter experts (financial sector and monetary policy experts), data scientists, and possibly back-end developers. Vast amounts of data points are required for the model to be trained and tested. Hence data analytics will only be an option once a CBDC becomes fully operational and sufficient data has been generated. Unanticipated biases might occur in using machine learning techniques that could adversely affect segments of financial market actors. Also, strong cybersecurity will be necessary since security breaches could wreak havoc in the financial system.


In addition, central banks could lower policy rates to counter the tighter financial conditions stemming from banks’ higher lending rates, so that the banks’ response to CBDC would be less contractionary for the economy. Moreover, the net impact of CBDC adoption on interest rates will depend on how the central banks introduce the CBDC, where an injection of CBDC via the sale of government bonds could, under specific circumstances, lead to lower rates (Barrdear and Kumhof, 2016).


Retail depositors are more stable sources of funding than wholesale depositors (see Huang and Ratnovski 2011; Gertler and others 2016).


Kumhof and Noone (2018) suggest four design features to mitigate potential disintermediation risk and ensure parity between CBDC and bank deposits by (i) paying an adjustable interest rate to modulate demand, (ii) blocking conversions from reserves to CBDC, (iii) removing any guarantees of on-demand convertibility of bank deposits into CBDC, and (iv) permitting CBDC issuance only against eligible securities (government securities). However, in addition to the critique of Bindseil (2020), Bjerg (2017) questions whether the principles will actually ensure parity between CBDC and bank deposits.


However, Barrdear and Kumhof (2016) apply a theoretical model to suggest that permitting CBDC issuance only against government securities (one of the four Kumhof and Noone (2018) conditions) could lead to higher economic output. This would result from a fall in interest rates due to a combination of replacing high-interest debt with low-interest CBDC, and lower government debt default risk due to a partial replacement of defaultable debt with non-defaultable CBDC.


According to the International Association of Deposit Insurers, there are 146 countries worldwide with credible deposit insurance in place. (


See Brainard (2019) for the case of the United States, which will continue to analyze the potential benefits and costs of CBDC given the demand for physical currency, the role of the U.S. dollar as a reserve currency, the robust banking system that meets the needs for consumers, and the existence of widely available and expanding variety of digital payment options that build on existing institutional framework and applicable safeguards.


In that iterative process, cost considerations would be balanced against appropriate standards of safety and security. Best practice would also be for the CBDC arrangement to establish mechanisms for the regular review of its efficiency, including its costs and pricing structure. This could include an evaluation of both the productivity of operational processes and the relative benefits of the processing method given the corresponding costs (BIS, 2012).


The FATF is an independent inter-governmental body that develops and promotes policies (the “FATF Recommendations”) to protect the global financial system against money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction. The IMF Executive Board has endorsed the FATF Recommendations as the international anti-money laundering and countering financing of terrorism (AML/CFT) standard for the purposes of its work.


An in-depth study of interoperability is outside the scope of this paper. However, at the architecture level, examples of interoperability work include (i) maximizing ability for cross-chain transfer in the case of a DLT infrastructure (“atomic swap”); (ii) adopting a common data standard such as ISO20022 to facilitate cross-systems payment; (iii) allowing cross-wallet transfer of value between different wallet providers.


For a new PSP, interoperability across PSPs could diminish the incentive of a startup to innovate since it could lower the value of a privately developed network. It could also restrict competition by excluding certain technical innovations or restricting new business models and reduce the value and increase the costs to PSPs. In addition, interoperability might increase overall risks if an innovative service provider has a higher risk profile.


The concept is not completely new. Some central banks, such as the Hong Kong Monetary Authority, and the Swiss National Bank already offer special purpose licenses that allow nonbank fintech firms to hold reserve balances, subject to an approval process. The Bank of England is discussing such prospects. The Peoples Bank of China requires the country’s large payment providers, Alipay and WeChat Pay, to hold client funds at the central bank in the form of reserves.


“In the ‘platform’ model, the [central bank] would provide a fast, highly secure and resilient technology infrastructure, which would sit alongside the [central bank’s] RTGS service and provide the minimum necessary functionality for CBDC payments. This could serve as the platform to which private sector payment interface providers would connect in order to provide customer facing CBDC payment services. Payment interface providers could also build ‘overlay services’ — additional functionality that is not part of the [central bank’s] core infrastructure, but which might be provided as a value-added service for some or all of their users. As well as providing more advanced functionality, these services might meet future payment needs by enabling programmable money, smart contracts and micropayments. Payment interface providers would be subject to appropriate regulation and supervision in line with any risks they might pose.” (BoE, 2020)


The terminology used here deviates from the “account-“ versus “token-based” based payment systems taxonomy introduced by Khan and Roberds (2009). This is to more clearly distinguish this level of classification from the technology used and skirt the debate over whether DLT-based platforms should be labeled as account- or token-based (Milne, 2020, Shah and others, 2020).


For more detail on sCBDC concepts and considerations see Adrian and Mancini-Griffoli (2019a).


The term “e-money” is also used in recent legislation (Adrian and Mancini-Griffoli, 2019). Singapore’s 2019 Payment Services Act emphasizes that “e-money” is denominated in currency, “pegged” to a currency, and is intended to serve as a “medium of exchange.” The European Commission’s 2009 Directive on electronic money defines e-money in a somewhat more general way, referring to “a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions.” According to this definition, even pre-paid cards (which were originally associated with e-money) must be redeemable.


For example, Xiao (2019) show that all proof-of-work and chain-based proof-of-stake consensus protocols can only ensure probabilistic finality.


The CPMI, previously the Committee on Payment and Settlement Systems, was renamed in June 2014.


Middle-tier services are comprised of the processing that takes place in an application server that sits between the user’s machine and the database server. A firewall allows or blocks traffic into and out of a network.


Based on the South African Reserve Bank tests several of the most popular private blockchain platforms (SARB, 2018).


For more on the challenges of limit setting, including avoiding breakdowns in parity between different forms of money, see Subsection III.B.


A recurrence of the 1859 Carrington Event could knock out communications and power for up to a year, and potentially render any digital systems unusable (Lovett, 2011).


For example, a “smart banknote” that combines blockchain with smart chip and near-field communication (NFC) technology could be used just like cash (Stewart, 2018). The smart banknote could have a tamper proof chip securing a private key, the balance could be verified by any NFC enabled smartphone, settlement could be instantaneous, and anonymity could be preserved.


A survey of about 1,200 participants during an April 7, 2020 Bank of England CBDC webinar (see found that 35 percent believed that convertibility was the most important design choice influencing CBDC demand, versus access restrictions (32 percent), renumeration (25 percent) and limits (8 percent).


Interchange fees are paid between banks for accepting card transactions. For ATM cash withdrawals transactions, interchange fees are paid by a card-issuing bank to an acquiring bank (for the maintenance of the ATM). Interchange fees are typically set by the operator of the card networks


Denial of Service (DoS) attacks are designed to overload application programming interfaces (APIs) with a massive number of requests until the service stops responding.


Agur and others (2019) argues that making CBDC interest-bearing would avoid the welfare losses that might be created by non-interest bearing CBDCs. An interest-bearing CBDC that closely competes with deposits depresses bank credit and output, while a cash-like CBDC may lead to the disappearance of cash. The paper finds that the optimal CBDC design trades off bank intermediation against the social value of maintaining diverse payment instruments. When network effects matter, an interest-bearing CBDC alleviates the central bank’s tradeoff.


For illustration, the U.S. Federal Reserve Board currency budget for 2019 was $955 million. This covered currency printing by the Bureau of Engraving and Printing, maintaining currency fitness, vault costs, protection, plus some transportation by Federal Reserve Banks, along with counterfeit deterrence. U.S. Federal Reserve Financial Service fees help recover the associate costs. The FedCash Services fee schedule, for example, includes uniform cash access policy for order and deposits and currency recirculation charges to depository institutions.


Embedded smart contracts might also be useful in implementing other monetary policy rules, such as the Taylor Rule (Constâncio, 2017).


The central bank’s risk management, legal, procurement and communication teams may be engaged upfront to help safeguard against reputational risks. Regardless of the project stage, the central bank may decide to sign non-disclosure agreements (NDA), as any technical and non-technical partner may knowingly or unknowingly put the central bank in a defensive position. The central bank could maintain control of communication by being the sole party authorized to communicate on progress of the project.


Collected data could include (anonymized) data on initial individual/businesses bank deposit holdings and substitution into digital currency, to evaluate degree of substitution with bank deposits. Average daily balances, fraction of transactions conducted in CBDC, as well as average transaction values, for instance, are all useful metrics to evaluate the uptake and success of the experiment.


This list of laws is not exhaustive and could vary by jurisdiction.


It should be noted that the definition of legal tender varies slightly among jurisdictions (He and others, 2016). For example, in some countries, legal tender rules allow the debtor to make a valid “tender”—that is, to take the necessary steps to complete a payment—but there is no obligation on the side of the creditor to accept the tender. A creditor, however, would be barred from recovering the debt in court, if he has refused to accept a valid tender. On the other hand, in other countries, it is unlawful to refuse legal tender in payment. In light of the differences in the definition of legal tender in the euro area, the European Commission adopted a recommendation in 2010 that the concept of legal tender should rely on three main elements: (i) a mandatory acceptance of banknotes and coins; (ii) for their full face value; and (iii) with a power to discharge debt.


Note that the existence of a retail CBDC as legal tender is different from it becoming currency-in-circulation. As noted in the previous sections, a retail CBDC – even if denominated in the domestic currency – would only become currency-in-circulation the moment the central bank decides to issue it.


See also Khan (2016) for more guidance on central bank risk management in general.


For example, see the Mexican Fintech Law, approved in March 2018, and the United Arab Emirates Law regarding the Central Bank and Organization of Financial Institutions and Activities, in particular regarding digital money and stored value facilities.


Which includes payment systems, Central Securities Depositories, Securities Settlement Systems, Central Counterparties, and Trade Repositories.


The applicable principles for payment systems are: legal basis, governance, framework for the comprehensive management of risks, credit risk, collateral, liquidity risk, settlement finality, money settlements, exchange-of-value settlement systems, participant-default rules and procedures, general business risk, custody and investment risks, operational risk, access and participation requirements, tiered participation requirements, efficiency and effectiveness, communication procedures and standards, and disclosure of rules, key procedures, and market data.


The responsibilities are: regulation, supervision, and oversight of FMIs; regulatory, supervisory, and oversight powers and resources; disclosure of policies with respect to FMIs; application of the principles for FMIs; and cooperation with other authorities.


Privilege escalation is the act of exploiting a vulnerability or misconfiguration within an application/system to elevate a restricted and limited access to a privileged access to perform an unauthorized functionality or gain unauthorized access to sensitive data.


Each country listed in the table embeds a hyper-link to the sources of the information regarding that country’s CBDC work.


For example, under UN Security Council Resolution 1373.


An example of such a breach was the “NotPetya” outbreak in which malicious hackers gained access to the source-code repository of a software product widely used by financial institutions (Schwartz, 2017). The hackers injected malicious code to implement a backdoor within the application to access it remotely and infiltrate the banks’ networks.

57 occurred when an insider stole their private keys to the hot and cold wallets where $7.5 million were stolen (SwiftSafe, 2018). Another example is where an insider in collaboration with an external group stole 315 Bitcoins (Sirer, 2016).


Quantum computing is based on the science of quantum physics; it introduces quantum bits (Qubits) instead of the conventional computing bits (0 and 1). Quantum computers operates by controlling the behavior of atoms (photons and electrons) and a Qubit can exist in a superposition between 0 and 1 which have the potential to enable tremendous efficiencies over conventional computers (Bernhardt, 2019).


Meta data is set of data that describes or gives information about other data.


A node can be any active electronic device, including a computer, phone or even a printer, as long as it is connected to the internet and has an IP address. The role of a node is to support the network by maintaining a copy of a blockchain and, in some cases, to process and validate transactions.


See also Shabsigh and others (2020) for a review of DLT experiments in payments and settlements systems.


“Hashed Time-Locked Contracts synchronize all the actions making up a payment, so that either they all happen, or none happen. This is achieved through the use of smart contracts on the two DLT platforms to lock or encumber the assets to be transferred, complete transactions on both platforms when a common secret is used or release the locked or encumbered asset on both platforms back to their original owners if the common secret is not used within the pre-agreed time period, i.e., upon timeout… Smart contracts are self-executing computer programs that perform predefined tasks based on a predefined set of criteria or conditions. Smart contracts cannot be altered once deployed, which ensures the faithful completion of contractual terms” (BoC/MAS, 2019).

A Survey of Research on Retail Central Bank Digital Currency
Author: Mr. John Kiff, Jihad Alwazir, Sonja Davidovic, Aquiles Farias, Mr. Ashraf Khan, Mr. Tanai Khiaonarong, Majid Malaika, Mr. Hunter K Monroe, Nobu Sugimoto, Hervé Tourpe, and Peter Zhou