There are some cyber-risks a central bank digital currency (CBDC) must contend with, from the threat of hacking to data privacy
By Mihir Gandhi & Vivek Belgavi
Although there are a multitude of advantages of introducing a central bank digital currency (CBDC) in India, it also carries its potential set of risks that can cause instability for RBI. Cyber hacks and threats: A CBDC might be subjected to cyber hacks, which might lead to server blockages or unforced timeouts or service declines. Decentralised systems are usually good at handling such situations, but a resilient system with anti-hack measures should be preferred. Other than such cyber hacks, a CBDC can be exposed to other cyberthreats that include distributed denial-of-service (DDoS) attacks that disrupt services, supply-side attacks to infrastructure and side-channel attacks to user devices and payments applications.
CBDC systems based on DLT are vulnerable to DDoS attacks because for a transaction to occur, it needs to interact with all other nodes in the network. A DDoS attack is usually an attempt to disrupt the traffic towards any server or network by overwhelming it with a huge amount of traffic in a very short time. If these cyberattacks are not taken care of by the government, they will jeopardise the integrity of the CBDC system.
Impact on monetary policy: The high adoption of CBDC within a country’s financial system could have an impact on the monetary policy, creating unnecessary instability in the economy without proper measures.
Higher adoption rates curb the flow and use of fiat currency, and in extreme circumstances the economy is forced into substituting the Indian rupee for any foreign currency like the dollar. This happens in rare cases when the country’s fiat currency has lost its value due to instability or hyperinflation. However, such substitution can be prevented if there are limits on the amount of CBDC held by any individual.
Other ways to handle a negative impact are improving awareness about CBDC among people and educating them so as to build trust in the usage of CBDC.
Impact on the role of commercial banks: Two-tier issuance architecture is a good approach for retail CBDC as it helps in saving a run on the central bank. In this architecture, the central bank backs the issuance of CBDC and distribution to the general public by commercial banks based on securities or cash deposits held at the central bank. The role of banks needs to be clearly defined in the whole distribution and management of CBDC with proper measures against disintermediation.
The disintermediation of banks happens when commercial banks can’t support large-scale withdrawal of money in deposits by the public or the conversion of such deposits into CBDC deposits, which forces them to go back to the central bank for financial support. Thus, the overall load of multiple banks falls on the central bank in such a case, destabilising the financial system. The conversion of fiat currency into CBDC would depend a lot on interest rates being given for banking deposits and CBDC.
A large number of people will convert at least part of their deposits into CBDC, and with higher incentives for CBDC, the risk of such heightened withdrawals from banks and conversions to CBDC will increase. The outflow of such deposits would be harmful for commercial banks as they would need an alternative source to fund the lending business, thus decreasing the ability of banks to give loans to the public.
Some policies regarding limits on the amount of CBDC deposits and zero interest on such digital wallets/accounts can help address some of these issues faced by commercial banks. It would be safe to say that these areas need further deliberation by the central bank and the government.
Impact on financial inclusion: In a country like India, where around 550 million people still use feature phones, it is important for CBDC to not only cater to the tech-savvy youth, but also to include feature phone users and people from lower socioeconomic groups. Another 845 million people have smartphones, of which many still don’t use mobile banking or digital payments in daily lives.
There are a plethora of reasons for exclusion to occur in the case of something like a CBDC. These can range from economic factors, lack of knowledge, propensity of people in tier-2 or tier-3 cities to use cash, and unawareness of the existence of CBDC in some markets.
To build a CBDC ecosystem and make it sustainable, it is essential to address all these issues and for CBDC to act as a tool for inclusion by solving the problems through innovation. Threat to privacy: The introduction of CBDC will increase the security and safety of transactions as all of them will be validated and captured in a distributed ledger. However, there is a small trade-off between combating AML and CFT and privacy because transactions of people and businesses will not be completely anonymous. It’s important for authorities to strike a balance between AML and other measures intended to curb illegal activity and maintain confidentiality of personal and financial information of citizens.
There is also a need for strong cooperation between government agencies and regulatory bodies so that a balance is maintained and a proper data or information collection framework is implemented that oversees the ecosystem.
Excerpted from PwC India’s September 2021 publication ‘Central Bank Digital Currency in the Indian context’
Respectively, partner & leader (payments transformation), and partner & leader (fintech), PwC India