
The Hong Kong Monetary Authority (HKMA) and Bank of Israel are to jointly research the cybersecurity aspects of central bank digital currencies (CBDCs).
The project, which is being led by the Bank for International Settlements (BIS) Innovation Hub’s Hong Kong centre, will examine the data security implications of two-tier retail CBDC architecture where the intermediaries will have no financial exposure, and aim to ‘pioneer methods of rendering it more resilient to cyber-attacks’, according to the HKMA’s announcement of the collaboration.
Retail CBDCs are central bank digital currencies that would be available to the general public, as opposed to wholesale CBDCs, which are for interbank settlement. ‘Two-tier’ refers to a model whereby the monetary authority issues digital currency to intermediaries such as commercial banks, which then distribute the currency for people and businesses to use.
The project, which is named ‘Project Sela’, will be the first fintech collaboration between the Hong Kong and Israel authorities, with work due to start in the third quarter.
Hong Kong has yet to commit to launching an e-HKD (Hong Kong dollar) despite the progress in China, of which Hong Kong is a part, with its e-CNY (or ‘digital yuan’). But, in April, the HKMA issued a discussion paper on the potential introduction of a retail CBDC that pointed out that given ‘the high monetary value of the rCBDC [retail CBDC] system, it could become an attractive target of cyber attackers.’ The Bank of Israel, meanwhile, ran a consultation on the potential issuance of a digital shekel last year, saying it was ‘accelerating its research and preparation’ for a potential CBDC.
‘Exposure-less’ intermediaries and cyber-resilience
The topics of cybersecurity and CBDCs are both among the Bank for International Settlements Innovation Hub’s 2022 priorities.
Expected to be completed by the end of the year, Project Sela is looking to build on ‘Project Aurum’, which was run by the HKMA and BIS Innovation Hub’s Hong Kong centre. It studied the benefits and challenges of tiered architectures for the distribution of retail CBDC through commercial banks and payment service providers.
Project Sela is to focus on the feasibility of an architecture in which intermediaries in the two-tier system are ‘exposure-less’ – they provide technological access to the CBDC system, conduct ‘know-your-customer’ (KYC) processes and provide consumer services ‘but are not financially exposed at any point of the processes of obtaining, transferring or redeeming CBDC’, the Bank of Israel explained in its own announcement.
Cybersecurity issues regarding two-tier retail CBDC ‘will also be addressed’, Israel’s central bank stated. ‘The project will test if intermediaries’ financial exposure-less nature can lend itself to a more cyber secure solution to end-users. In particular, if through distributing the intermediaries and the services they provide along with layered data obfuscations, it might be possible to provide a service that is more resilient to sophisticated cyber attacks.’
Sela was an ancient Hebrew silver coin and is the Hebrew word for ‘rock’, thus making a reference to Hong Kong’s Lion Rock mountain, which gave the name to the HKMA’s first CBDC study, ‘Project LionRock’.
BIS Innovation Hub’s new projects
As well as its involvement in Project Sela, the BIS Innovation Hub has just announced a new set of projects across its growing number of global centres – most significantly, the first three projects of its Eurosystem centre.
The BIS Innovation Hub Eurosystem centre, which was originally expected to open in the first half of this year but is now expected to open ‘in the coming months’, will explore cryptocurrency markets, the implications of post-quantum cryptography for payment systems and climate-related disclosures.
The Hong Kong centre, meanwhile, will embark on a new phase of its blockchain-based green finance initiative ‘Project Genesis’ that will involve the start of the development of a new prototype in collaboration with the United Nations Framework Convention on Climate Change (UNFCCC), and other public and private parties.
Blockchain, smart contracts and other related technologies will be used for the tracking, delivery and transfer of so-called digitised ‘mitigation outcome interests’ – de facto carbon credits recognised under national verification mechanisms compliant with the Paris Agreement (the legally binding international treaty on climate change adopted in 2015) – attached to a bond.