In this three-part blog series, our experts offer their views on what can firms do to become ‘CBDC-ready’, the benefits of a CBDC to UK consumers and businesses, and the Technology Working Paper (TWP), discussing the key Technological features that the CBDC must be equipped with.
In February 2023, HM Treasury and the Bank of England (BoE) published a consultation paper (CP)1 and a Technology Working Paper (TWP)2 on a proposed UK Central Bank Digital Currency (CBDC) - the digital pound, also referred to as ‘Britcoin’. This CP introduces two new roles: Payment Interface Providers (PIPs), which would offer digital pass-through wallet services, and External Service Interface Providers (ESIPs) which would offer non-payment services that complement the digital pass-through wallet services. To avoid missing out on being part of this future ecosystem, which has the very real potential to be a genuine step change, firms will need to become PIPs and/or ESIPs.
However, the BoE is just entering the CBDC design phase, and it may be a while before formal guidance on the regulatory and operational requirements for PIPs and ESIPs materialise.
So, what should firms do now to prepare to become a PIP and/or ESIP?
The answer is in the CP: The BoE outlines eight principles of operations that would ‘likely’ be imposed – Availability, Security & Resilience, Privacy, Inclusion, Interoperability, User friendly, Diversity & Innovation, Fast & Convenient. Based on these principles, we are suggesting three key tenets that firms must act on now in preparation for their role as a PIP and/or ESIP;
Firms should;
a) Achieve high availability of systems that will have to interface with the CBDC ecosystem
b) Mitigate security risks by following BoE recommended best practices
c) Offer best-in-class privacy features to enhance digital pound user’s’ protection
Let’s delve deeper into each of these.
Achieve high availability of systems that will have to interface with the CBDC ecosystem
High availability of CBDC systems3 is paramount to achieving the central bank’s financial stability objective. Disruption to payment processing or prolonged downtime of CBDC systems could result in financial loss, threaten user confidence, and negatively affect financial stability.
Therefore, firms should start by identifying systems that will interface with other components of the CBDC infrastructure (e.g., BoE’s core ledger). Firms should use this time to identify single points of failure in their systems,4 build redundancies into these systems, simulate ‘what if’ scenarios, plan for total failure or outage events and implement self-healing mechanisms accordingly.
Mitigate security risks by following BoE recommended best practices
BoE will likely introduce a security programme to monitor and manage the inherent risks associated with an anticipated large number of firms aiming to take part in the new CBDC ecosystem. To make the transition into the CBDC ecosystem seamless, firms should exhibit readiness and agility to adapt their approach towards security and plug any gaps when new vulnerabilities become apparent.
Therefore, firms should start looking into proposed security measures now (e.g., lateral movement techniques, layered security approach). As a first step, firms would do well by ensuring that they meet the best practices recommended by the National Cyber Security Centre (NCSC)5. And then subsequently, consider additional levels of security to ensure the CBDC infrastructure is protected to the highest standards.
Offer best-in-class privacy features to enhance digital pound user’s protection
Privacy will be fundamental to earning customer confidence and accelerating adoption of the digital pound. The BoE in their CP encourages private firms to offer enhanced privacy features to digital wallet users.
Therefore, firms should seek to build a roadmap of what best-in-class privacy looks like that meets the BoE’s legal, technical, and operational standards. This should cover at least 3 key areas:
- The guidance offered in the UK Digital Identity and Attributes Trust Framework6 and the Good Practice Guide 457 to support access to the digital pound,
- The UK data protection laws which regulates the commercial use of personal data, and;
- The various privacy-enhancing technologies (PETs)8 proposed in the consultation and assess their operational and technical capabilities to deliver these technologies if it is mandated by the BoE.
While firms await further guidance from the BoE on the exact shape and nature of the planned CBDC, there is already sufficient information contained in the consultation paper to enable firms to lay the foundation for their future offerings in this new ecosystem. Using this time now to lay this foundation, will allow firms to really focus on their competitive offerings as PIPs and/or ESIPs once more details become available.
[1] The digital pound: a new form of money for households and businesses?
[2] The digital pound: Technology Working Paper (bankofengland.co.uk)
[3] CBDC systems refer to CBDC Core ledger (operated by BoE) and all associated systems within the CBDC insfrastructure.
[4] Single Point of Failure (SPOF) is part of the system that, if it fails, will stop the entire system from working.
[5] Essential Topics - NCSC.GOV.UK
[6] UK digital identity and attributes trust framework alpha v1 (0.1) - GOV.UK (www.gov.uk) UK Digital Identity and Attributes Trust Framework
[7]How to prove and verify someone's identity - GOV.UK (www.gov.uk) Good Practice Guide 45
[8] Privacy-enhancing technologies covers a broad range of technologies designed to support privacy and data protection. These technologies may be cryptographic, statistical, or procedural in nature.
