Date of meeting: 30 November 2021
Item 1: Welcome
Tom Mutton (Chair) welcomed the Members to the second CBDC Technology Forum meeting. He noted the recent announcement made by the Bank and HM Treasury on next steps for the exploration of a UK Central Bank Digital Currency (CBDC).
Item 2: Debrief on the first Engagement Forum
The Bank provided a short readout of the first Engagement Forum meeting on 2 November in line with the published minutes.
Item 3: Models of CBDC Provision
The Bank briefly introduced the topic providing an overview of the main models of CBDC and the public and private sector roles in its provision. Models discussed were a platform model, a pooled account model, an intermediated token model, and a bearer instrument model. The Bank explained that the aim of the discussion was to seek Members’ views on some of the technology implications of these models.
One Forum Member presented a comparative examination of the ecosystem complexity associated with two of the models presented by the Bank at the first Technology Forum, namely the platform model and the pooled model. The presentation did not make any assumptions on whether the two models were account or token-based. The presentation compared the mechanics of both models for generic processes such as registering or on-boarding of users to the CBDC system, adding or withdrawing money to and from a CBDC account, and paying with CBDC; and then outlined the differences in data transfers and processing. The presentation concluded with a comparison of the non-functional characteristics of both models, and whilst the two models were largely similar, it was noted that the platform model potentially placed increased technical requirements on the core ledger, particularly in terms of availability and latency, which could have a negative effect on resiliency, compared to the pooled model. However, this point was challenged by some Members, who did not think the platform model was necessarily less resilient than the pooled model.
Some Members thought a pooled model could offer some advantages in terms of privacy, given the core ledger would only hold the balances of Payment Interface Providers (PIPs) as opposed to the balances of end users in the case of the platform model. On the other hand, it was argued that generating sufficient visibility of PIPs activities could make the pooled model fragile to PIP failure and loss of customer data and balances. Some Members thought that the pooled model could be detrimental to competition by making it more difficult for end users to change PIPs.
A second Member then presented on a “cash-like”, bearer instrument model. The model presented assumed a hierarchical model of cash-like CBDC, with centralized minting and issuance by the Central Bank and decentralized distribution, transactions and settlement by PIPs. The presentation noted that this model could be beneficial for privacy, by separating the identity of the holder of the instrument from the transactions. The presenter also noted a set of challenges within this model, including counterfeiting risk, interoperability across wallets and devices, and offline capabilities.
Some Members thought that this model implied PIPs would need to be custodians of users’ tokens, and argued that users should be given the possibility of self-custody. Extensibility was also mentioned as a potential challenge for this model, given the complexity associated with updating or modifying the cryptography supporting the system.
Forum Members also discussed the benefits and challenges of an account versus a token based CBDC, and suggested this could be a topic to further explore in future meetings. The token based model was noted to have challenges with extensibility, whilst the account based model might present additional considerations with regard to privacy.
As an overarching point, Members thought that it was necessary to further understand the objectives being pursued and the potential use cases for an eventual CBDC to facilitate more detailed technical discussions in the Forum. They suggested that this could be achieved by developing a standard set of architecturally-significant use cases and customer personas, which could be used to evaluate different models and clarify how they may meet customer needs.
Item 4: Privacy in a CBDC system
One Member gave a presentation on the privacy and identity considerations for a CBDC with a range of purposes, noting that the technical requirements would vary significantly depending on the policy objectives pursued by the authorities when designing it. The presentation focused on a (hypothetical) cash-like CBDC and how it might seek to replicate traits of physical cash such as censorship and confiscation resistance, privacy and inclusivity. The presentation outlined the possible role of restrictions, such as wallet size or transaction size, and therefore the need for some degree of identity verification (for Sybil-resistance, AML, CFT) in order to enforce those. This in turn could be detrimental to inclusion.
Forum Members expressed diverging opinions on some of the issues raised in the presentation. Overall, Members assumed that some actor in the CBDC system would need to know with an appropriate degree of confidence who controls a CBDC wallet in order to comply with regulations. Some Members thought that delivering a guarantee of privacy for a non-anonymous CBDC would be technically challenging and require advanced cryptography.
Members pointed out that it would be useful to lay down the policy expectations on privacy to facilitate more in-depth discussions around the potential technology solutions.
Annex: Meeting documents
Tom Mutton (Chair), Bank of England
Will Lovell, Bank of England
Simon Scorer, Bank of England
Katie Fortune, Bank of England
Danny Russell, Bank of England
April Baracho, Bank of England
Ben Dovey, Bank of England
Guillermo Pons, Bank of England
Alan Ainsworth, Open Banking Implementation Entity
Andrew Flatt, Archax
Ashley Lannquist, IMF
Bejoy Das Gupta, eCurrency
David MacKeith, AWS
Dominic Black, Monzo
Edwin Aoki, PayPal
Geoff Goodell, UCL
Inga Mullins, Fluency
James Whittle, PayUK
Joshua Jeeson Daniel, SETL
Keith Bear, Cambridge Centre for Alternative Finance
Lauren Del Giudice, Idemia
Lee Braine, Barclays
Mark Shaw, Spotify
Matthieu Saint Olive, Consensy
Max Malcolm, Visa
Michael Adams, Quali-Sign
Patrick O'Donnell, Mastercard
Paul Lucas, IBM
Richard Brown, R3
Sarah Meiklejohn, IC3
Sean Mullaney, Stripe
Simon Bray Shaw, ASOS
Vikram Kimyani, Oracle
Will Drewry, Google
National Cyber Security Centre