A project involving the central banks of Hong Kong and Israel has generated ‘valuable practical insights’ into important aspects of central bank digital currency (CBDC) implementation, according to the authorities involved.
The findings of ‘Project Sela’ – which was co-ordinated by the Bank for International Settlements (BIS) Innovation Hub’s Hong Kong centre and also involved four private companies – were presented this week and arrive as central banks across the world continue to weigh up how best to design retail CBDC systems.
The project developed a distributed ledger technology (DLT)-based proof-of-concept (PoC) testing the feasibility of an architecture in which private-sector intermediaries in a two-tier (central bank-private sector) system are ‘exposure-less’ – they provide technological access to the CBDC system, conduct ‘know-your-customer’ (KYC) processes and provide customer services ‘but are not financially exposed at any point of the processes of obtaining, transferring or redeeming CBDC’.
It specifically involved a new type of intermediary – referred to as an ‘access enabler’ – locatated at the system’s core. An access enabler would handle all customer-facing retail CBDC services without ever ‘holding’ end users’ retail CBDC, thus eliminating the need to hold funds to ensure liquidity or to reduce settlement risk.
Conclusions across cybersecurity, technological, legal and policy aspects of a retail CBDC implementation have been generated, according to the ‘Project Sela: an accessible and secure retail CBDC ecosystem’ report.
RETAIL CBDC: EXPLAINED A retail CBDC, often abbreviated to ‘rCBDC’ and also sometimes referred to as a ‘general purpose’ CBDC, is a CBDC that would be available for people’s everyday use; it is different from a wholesale CBDC, which would be for interbank use
‘Access enablers’ and regulatory standards
‘The unbundling of rCBDC [retail CBDC] processes and services in Sela gives rise to a new category of rCBDC payment service providers called access enablers (AEs),’ the 61-page report explains.
‘AEs provide all customer-facing rCBDC services but never take hold of, or control, the customer’s rCBDC itself, nor do they need to hold liquidity on their own balance sheets to provide rCBDC services. rCBDC payments are thus settled directly on the central bank’s balance sheet, free from credit risk.’
‘This could justify a lower financial regulatory standard for AEs and lead to a reduced entry barrier to providing rCBDC-based services, opening the doors to payment service providers distinct from those participating in the existing payments ecosystem,’ the report notes, adding that ‘while a lower financial regulatory standard could be justified, there could be other requirements placed on AEs (for example, security, governance etc) as part of a broader regulatory framework.’
One of the positive consequences of this, the report states, is the potential to ‘encourage competition, enabling more rCBDC use cases to be developed and providing the foundation upon which innovation can flourish.’
Cybersecurity was an important focus of the project, which explored design considerations to ‘preventatively secure [the] rCBDC system, which could see greater vulnerability due to the increased access’. Measures implemented ‘form only a small part of the multi-dimensional and complex cyber security measures needed to fully secure an rCBDC system,’ the report acknowledges.
RELATED ARTICLE Hong Kong and Israel examine CBDC cybersecurity resilience – a news story (20 June 2022) on the authorities’ aspirations for Project Sela
Future research focus areas
Potential future research areas are highlighted in the report’s conclusion.
First, it states that further work could assess the appropriate regulatory structure and business viability of an architecture such as Sela’s. ‘For example, incentive models for access enablers in providing retail CBDC services could build from existing regulations in the open banking space that allow payment service providers to leverage their existing infrastructure and end users’ transaction data to create additional commercial offerings on top of basic retail CBDC functions,’ the report suggests.
Second, the report states that interoperability with existing payment systems, such as Real-Time Gross Settlement Systems (RTGS) and fast payment systems, could be further explored.
Third, it states that while the Sela platform supports automation as a preliminary part of programmability – an increasingly hot topic in CBDC circles – ‘further analysis into more advanced functionality (as illustrated in Project Rosalind) and the cybersecurity implications was left for future work’. Project Rosalind, which involved the BIS Innovation Hub’s London centre and the Bank of England, concluded in June.
Fourth, the report concludes that additional work ‘along other cybersecurity dimensions’ is needed. For example, it states that ‘evaluating the cybersecurity of Sela’s design against active cyber-attacks would help test Sela’s existing design choices, identify gaps and increase public confidence in the security of such an architecture in a production setting.’
RELATED ARTICLE Think you know CBDCs? An A(CID) to Z(KP) test – a feature article (26 June 2023) focused on some of the many technology considerations involved with CBDCs (the article is based on a Bank of England ‘Digital pound: technology working paper’)
Co-working – but no CBDC commitment
Hong Kong has yet to commit to launching a CBDC despite China, of which Hong Kong is a part, driving forward with its e-CNY (‘digital yuan’). But the HKMA is currently piloting a potential CBDC – an e-HKD (e-Hong Kong dollar) – and recently describing its e-HKD pilot programme as being ‘in full swing’.
Similarly, authorities in Israel – whose central bank ran a consultation on the potential issuance of a digital shekel in 2021, saying it was ‘accelerating its research and preparation’ for a potential CBDC – have stopped short of committing to a digital currency issuance.
The Sela project specifically sought to build on ‘Project Aurum’, which also involved the HKMA and BIS Innovation Hub’s Hong Kong centre, and created a prototype for two-tier CBDC operations. Project Aurum’s prototype system, together with technical manuals totalling more than 250 pages and the source code, was made accessible last year to all BIS member central banks on BIS Open Tech – an ‘open’ platform for sharing nascent financial and statistical software as public goods – ‘to help catalyse and inspire the global quest for the most suitable retail CBDC architecture’.
Project Sela also sought to capitalise on the Bank of Israel’s own CBDC explorations and cybersecurity expertise, as well as the growing number of BIS Innovation Hub CBDC experiments. It has constituted the first collaborative project between the HKMA and Bank of Israel on the fintech front.
The companies involved were Florida-headquartered FIS and California-headquartered M10 Networks on the technology and core product; US-Israeli firm Check Point Software Technologies on cybersecurity; and Clifford Chance for legal analysis.
RELATED ARTICLE SWIFT-led ‘CBDC connector’ project gets thumbs-up for next phase – a news story (14 March 2023) on SWIFT’s work on international CBDC interoperability (see update below)
SWIFT-ly onwards on interoperabilty
In a separate CBDC development this week, the HKMA is one of three central banks that has begun ‘beta-testing’ an ‘interlinking’ solution for connecting CBDCs developed by SWIFT (the Society for Worldwide Interbank Financial Telecommunication).
Belgium-headquartered SWIFT announced this week (13 September) an update on a major international initiative that has already included tests involving the Monetary Authority of Singapore, Banque de France and Deutsche Bundesbank, stating that it had reached a ‘new milestone in our mission to facilitate interoperability between fiat and digital forms of value’.
SWIFT announced six months ago that, after 12 weeks of testing in a technical sandbox (test space)-style environment, participating organisations have expressed ‘strong support’ for the solution’s continued development after it enabled ‘seamless’ exchange of CBDCs, including those built on different platforms – and that next steps would include the development of a beta version of the solution to be tested further by central banks (‘beta’-testing is testing before a planned general release).
Six months on, SWIFT has announced that the HKMA, National Bank of Kazakhstan and a further unnamed central bank have ‘integrated the solution with their own infrastructure for direct testing’.
SWIFT has also kicked off a second phase of sandbox testing in which commercial banks, central banks and financial market infrastructures are exploring additional use cases, including ‘trigger-based payments for digital trade platforms, foreign exchange models, liquidity-saving mechanisms and Delivery-vs-Payment’. The HKMA, Reserve Bank of Australia, Deutsche Bundesbank and Bank of Thailand, as well as foreign-exchange company CLS, are among a group of more than 30 institutions taking part. Eighteen central and commercial banks participated in the sandbox’s first phase.