That covers wholesale models—designed for restricted access by financial institutions, and similar to central bank reserve and settlement accounts—and retail models, issued by the central bank directly to all users. Across the Asia-Pacific region, Australia, Hong Kong, India, Japan, Malaysia, New Zealand, Taiwan, and Thailand are all exploring CBDCs, which are seen to both promote financial inclusion and interregional and international trade.
In November last year, the Reserve Bank of Australia (RBA) partnered with Commonwealth Bank, NAB, Perpetual and blockchain software technology company ConsenSys to launch a project exploring a wholesale CBDC using distributed ledger technology (DLT).
A year on, RBA staff have “not been convinced to date that a strong policy case has emerged in Australia for a CBDC,” said the RBA’s Head of Payments Policy Tony Richards in an address to the Australian Corporate Treasury Association. He cited the fact that “no high-income economies have yet made the decision to issue a CBDC” and the two most seriously considering it in Europe, Sweden’s Riksbank and the European Central Bank “are probably a couple of years away” from any decisions on the possible issuance of a digital currency.
Richards also highlighted the US Federal Reserve as being even less convinced: “Fed officials have pointed to ongoing improvements in the existing payments system, the uncertain benefits of a CBDC and new risks that it could introduce. They have also questioned the idea that the Fed needs to introduce a CBDC to compete with foreign CBDCs, cryptocurrencies or stablecoins.”
That’s now all changing very quickly. Last week, Australian Treasurer Josh Frydenberg said that work on a retail CBDC will start with advice on a pilot before the end of 2022. In the US, the Federal Reserve’s report on CBDCs, stablecoins and cryptocurrencies is anticipated “soon,” according to Jerome Powell, the central bank’s chair, and the Federal Reserve Bank of New York recently launched the New York Innovation Center (NYIC) to build and test digital currencies, including CBDCs and stablecoins.
In his speech, the RBA’s Richards said that he can “imagine a future where the establishment of strong regulatory frameworks for stablecoins could lead to the issuance of stablecoins by highly rated entities, and central banks could move towards issuing CBDCs.” As stablecoins are tied to a widely traded currency or commodity like the US dollar or gold, they are favoured over private cryptocurrencies by central banks because they are not as volatile as most cryptocurrencies.
What’s really interesting is that despite the slow progress made on CBDCs globally, we’ve found that banks are already starting to move in preparation for their introduction. As part of our OneSpan Global Financial Regulations Report 2022, we surveyed 172 bank leaders and executives across France, Mexico, the UK, and the US. Of the bankers surveyed, 6-in-10 expect their country will develop a CBDC in the next two years and half (49%) report they are securing their mobile app (e.g. application shielding) to prepare for a possible CBDC.
Why are they doing that? When CBDCs launch, there will be much more rigorous governance around their use compared to what is typically the case for ‘permissionless’ cryptocurrencies. We have to expect strong security measures such as multi-factor authentication and mobile application shielding will be required since like, cash, these CBDCs are backed by the central bank. In a sense, given that CBDCs would likely rely on a smaller number of trusted entities to verify transactions, there is a greater level of risk placed on these trusted entities to be sure of their provenance.
With the majority of our financial transactions now conducted online and through our mobile devices, the introduction of widely used digital currencies creates an even greater incentive for fraudsters and attackers to target and exploit any vulnerabilities they find. At the same time, for the regulatory authorities, the use of CBDCs or stablecoins now requires rock-solid certainty of the identity of the currency holder, so the onus will be on our banks to provide this capability once these digital currencies are introduced.
Authentication systems and the application code itself are two key targets for exploitation, so mobile application developers at financial institutions need to take a layered approach where in addition to implementing multi-factor authentication, the app itself must be secured – which also requires applying proactive, client-side security measures such as mobile app shielding. While you can ensure that your own code is secure and regularly updated, there is no way for you to ensure that the user’s device hasn’t been compromised through another app or channel outside of your control.
So, will we see the introduction of a national digital currency in Australia? I think it’s inevitable. There is ever-growing popularity in the use of cryptocurrency, which has long been a concern for the authorities, explained the RBA’s Richards, because the anonymity most offer can facilitate financial crime and the black economy. “Tax authorities and agencies with responsibility for preventing financial crime could pay greater attention to transactions going through the on- and off-ramps linking cryptocurrencies to the traditional financial sector (e.g. digital currency exchanges).”
It’s now up to our banks and other financial institutions to be ready for its introduction.
