资源描述
BIS Quarterly Review, March 2020 85 The technology of retail central bank digital currency 1 Central bank digital currencies (CBDCs) promise to provide cash-like safety and convenience for peer-to-peer payments. To do so, they must be resilient and accessible. They should also safeguard the users privacy, while allowing for effective law enforcement. Different technical designs satisfy these attributes to varying degrees, depending on whether they feature intermediaries, a conventional or distributed infrastructure, account- or token-based access, and retail interlinkages across borders. We set out the underlying trade-offs and the related hierarchy of design choices. JEL classification: E42, E44, E51, E58, G21, G28. The question of whether central banks should issue digital currency to the general public has attracted increasing attention. This special feature sketches out some key technological design considerations for a retail CBDC, in the event that a central bank decided to issue one. We do not investigate the case for or against issuance, the systemic implications, or how these might be managed. 2 We structure our approach around consumer needs and the associated technical design choices. Current electronic retail money represents a claim on an intermediary, rather than functioning as the digital equivalent of cash. CBDCs could potentially provide a cash-like certainty for peer-to-peer payments. At the same time, they should offer convenience, resilience, accessibility, privacy and ease of use in cross-border payments. Different technical designs meet these criteria to varying degrees, with attendant technical trade-offs. We explore these issues. The aim is not to promote or highlight any particular approach, but to lay some groundwork for more systematic discussions. 1 We thank Morten Bech, Codruta Boar, Claudio Borio, Stijn Claessens, Benot Cur, Jon Frost, Leonardo Gambacorta, Marc Hollanders, Henry Holden, Ross Leckow, Cyril Monet, Hyun Song Shin, Rastko Vrbaski, Amber Wadsworth and Philip Wooldridge for comments, and Haiwei Cao, Giulio Cornelli and Alan Villegas for exceptional research assistance. The views expressed in this article are those of the authors and do not necessarily reflect those of the Bank for International Settlements. 2 For the systemic implications, see the survey in CPMI-MC (2018). Andolfatto (2018), Kumhof and Noone (2018), and Bindseil (2020) examine how the impact on the central banks balance sheet can be managed, while Brunnermeier and Niepelt (2019) investigate how financial instability risks can be mitigated. Raphael Auer raphael.auerbis Rainer Bhme rainer.boehmeuibk.ac.at 86 BIS Quarterly Review, March 2020 Our approach is graphically represented in the “CBDC pyramid”, which maps consumer needs onto the associated design choices for the central bank. This scheme forms a hierarchy in which the lower layers represent design decisions that feed into subsequent, higher-level decisions. We start by introducing the four main design choices, as represented in the four layers of the CBDC pyramid. We assess the legal structure of claims and the operational roles of the central bank and private institutions in different CBDC architectures. We discuss the choice between distributed ledger technology (DLT) and a centrally controlled infrastructure. We compare token-based systems and account-based systems. Before concluding, we assess how the development of CBDCs might reinforce current efforts to overhaul cross-border payments. From consumer needs to design choices: the CBDC pyramid The focus of our approach is the “retail” aspect of CBDC; we ask what consumer needs a CBDC could address. 3 We thus sketch the development of a CBDC through an approach that proceeds from consumer needs to design choices. 4 The left-hand side of the CBDC pyramid (Graph 1) sets out such consumer needs and six associated features that would make a CBDC useful. Starting with cash-like peer-to- peer usability, these features also comprise convenient real-time payments, payments security, privacy, wide accessibility and ease of use in cross-border payments. The pyramids right-hand side lays out the associated design choices. The consumers prime need is that the CBDC embodies a cash-like claim on the central bank, ideally transferable in peer-to-peer settings. Today, even consumers who normally prefer to pay electronically are confident that, if an episode of financial turmoil were to threaten, they could shift their electronic money holdings into cash. This flight to cash has been seen in many crisis episodes, including recent ones. The main concern is that if, in the future, cash were no longer generally 3 All private sector non-financial users are referred to as “consumers” in what follows. For a discussion of “wholesale” CBDC for use in the financial industry, see CPMI-MC (2018). 4 The survey in Boar et al (2020) highlights that central banks have advanced other motivations for issuance, including monetary policy implementation and financial stability considerations. These aspects are considered in the CBDC design frameworks of Fung and Halaburda (2016), Bjerg (2017), CPMI-MC (2018), Mancini-Griffoli et al (2018), Wadsworth (2018), Kahn et al (2019) and Adrian (2019). Although it takes a more positive stance towards CBDC, our focus on technical design elements is related to Pichler et als (2020) analysis of the limits of CBDC when compared with cash. Key takeaways A trusted and widely usable retail CBDC must be secure and accessible, offer cash-like convenience and safeguard privacy. Various technical designs satisfy these criteria to different degrees, and the associated trade-offs need to be identified. The design of a retail CBDC needs to balance the credibility of direct claims on the central bank with the benefits of using payment intermediaries. BIS Quarterly Review, March 2020 87 accepted, a severe financial crisis might create further havoc by disrupting day-to- day business and retail transactions. 5 At the same time, consumers are unlikely to adopt a CBDC if it is less convenient to use than todays electronic payments. Banks and payment service providers run sophisticated infrastructures that can handle peak demand, such as on Singles Day in China or Black Friday in the United States. And intermediaries help to smooth the flow of payments by taking on risk, for example during connectivity breaks or offline payments. These two needs cash-like safety and convenience of use lead to the foundational design consideration for a CBDC (see lowest layer of pyramid in Graph 1): the choice of the operational architecture, and how it will balance the consumers demand for a cash-like claim on the central bank with the convenience that intermediaries confer on the payment system. The choice is shaped by two questions. Is the CBDC a direct claim on the central bank or is the claim indirect, via payment intermediaries? What is the operational role of the central bank and of private sector intermediaries in day-to-day payments? Further, the consumers need for cash-like payment safety means that a CBDC must be secure not only from the insolvency or technical glitches of intermediaries, but also from outages at the central bank. The choice is whether to base this infrastructure on a conventional centrally controlled database or instead on DLT technologies that differ in their efficiency and degree of protection from single 5 In Sweden, where cash use has already declined substantially, considerations along these lines have led the central bank to propose a review of the concept of legal tender (Sveriges Riksbank (2019). The CBDC pyramid Graph 1 The CBDC pyramid maps consumer needs (left-hand side) onto the associated design choices for the central bank (right-hand side). The four layers of the right-hand side form a hierarchy in which the lower layers represent design choices that feed into subsequent, higher- level decisions. Source: Authors elaboration. 88 BIS Quarterly Review, March 2020 points of failure. Importantly, this decision can only be made once the architecture has been decided upon, as DLT is only feasible for some operational setups. This is why the choice of infrastructure lies in the pyramids second layer. Two further consumer needs are easy, universal access and privacy by default. 6 From a technical perspective, there is an underlying trade-off between privacy and ease of access on the one hand and ease of law enforcement on the other. The associated design choice the pyramids third layer is whether access to the CBDC is tied to an identity system (ie an account-based technology) or instead via cryptographic schemes that do not require identification (ie an access technology based on so-called digital tokens). The final consumer need we consider is that CBDCs should also enable cross- border payments. At a design level, this could be arranged via technical connections at the wholesale level that are built on todays systems. Alternatively, novel interlinkages could be envisaged at the retail level, ie allowing consumers to hold foreign digital currencies directly. Importantly, the means of implementing the latter option would depend on whether the CBDC was account- or token-based. This is why this design choice belongs in the top layer of the pyramid. Architecture: indirect or direct claims, and the operational role for the central bank The CBDC pyramids bottom layer is the legal structure of claims and the respective operational roles of the central bank and private institutions in payments. Our analysis starts with an overview of possible technical architectures for CBDCs. In all three architectures shown in Graph 2, the central bank is, by definition, the only party issuing and redeeming CBDC. We note that all three architectures could be either account- or token-based, and might run on various infrastructures. These choices are discussed below. The key differences here are in the structure of legal claims and the record kept by the central bank. In the “indirect CBDC” model (Graph 2, top panel), the consumer has a claim on an intermediary, with the central bank keeping track only of wholesale accounts. In the “direct CBDC” model (centre panel), the CBDC represents a direct claim on the central bank, which keeps a record of all balances and updates it with every transaction. The “hybrid CBDC” model (bottom panel), is an intermediate solution providing for direct claims on the central bank while allowing intermediaries to handle payments. Consider first the indirect CBDC model (top panel). This term is used by Kumhof and Noone (2018), and is equivalent to the “synthetic CBDC” in Adrian and Mancini- Griffoli (2019). This model is also known as the “two-tier CBDC” for its resemblance to the existing two-tier financial system; a token-based variant is proposed as a “multi-cell CBDC” in Ali (2018). For consumers, this type of CBDC is not a direct claim on the central bank. Instead, the intermediary (labelled “CBDC bank” in Graph 2 for its close resemblance to a narrow payment bank) is mandated to fully back each outstanding indirect CBDC-like liability to the consumer (labelled “ICBDC” 6 Privacy here means that the consumers data are used only in steps strictly necessary for the specific purpose of determining whether a transaction is lawful and, if this the case, executing it. “By default” implies that privacy is ensured without requiring any intervention by the user. BIS Quarterly Review, March 2020 89 in Graph 2) to retail consumers via its holding of actual CBDCs (or other central bank money) deposited at the central bank. 7 Just as in todays system, intermediaries handle all communication with retail clients, net payments and send payment messages to other intermediaries and wholesale payment instructions to the central bank. The latter settles wholesale CBDC accounts with finality. Besides offering the convenience of todays systems based on intermediaries, the indirect CBDC also relieves the central bank of the responsibility for dispute 7 Some have argued that this architecture does not warrant the CBDC label. However, the label does apply if one follows CPMI-MC (2018) in defining a retail CBDC as any claim on the central bank that is different from todays wholesale accounts (see also Bech and Garratt (2017). An overview of potential retail CBDC architectures Graph 2 In all three architectures, the CBDC is issued only by the central bank. In the indirect CBDC architecture (top panel), this is done indirectly, and an ICBDC in the hands of consumers represents a claim on an intermediary. In the other two architectures, consumers have a direct claim on the central bank. In the direct CBDC model (centre panel), the central bank handles all payments in real time and thus keeps a record of all retail holdings. The hybrid CBDC model (bottom panel) is an intermediate solution providing for direct claims on the central bank while real-time payments are handled by intermediaries. In this architecture, the central bank retains a copy of all retail CBDC holdings, allowing it to transfer holdings from one payment service provider to another in the event of a technical failure. All three architectures allow for either account- or token-based access. Source: Authors elaboration. 90 BIS Quarterly Review, March 2020 resolution, know-your-customer (KYC) and related services. But the downside is that the central bank keeps no record of individual claims (only the intermediaries do, whereas the central bank records only wholesale holdings) nor is there any cash-like direct proof of the claim. Thus, the central bank cannot honour claims from consumers without information from the intermediary. 8 If the intermediary is under stress, determining the legitimate owner might involve a potentially lengthy and costly legal process with an uncertain outcome. This models regulatory and supervisory issues, as well as those pertaining to deposit insurance, are hence similar to those of todays system. Consider next a CBDC directly operated by the central bank, the direct CBDC architecture (centre panel). One version would comprise accounts managed by the central bank. Several private sector companies are developing token-based variants, or “digital banknotes”. 9 In this architecture, KYC and customer due diligence could be handled by the private sector or the central bank or another public sector institution. The central bank, however, would be the only institution handling payment services. The direct CBDC is attractive for its simplicity, as it eliminates dependence on intermediaries by doing away with them. However, this entails compromises in terms of the payment systems reliability, speed and efficiency. One aspect is that building and operating technical capacity on this scale is often viewed as being better undertaken by the private sector, as seen in todays credit card networks. Second, even if a central bank were
展开阅读全文