Policy Principles for Safeguarding Privacy and Financial Integrity

Bejoy Das Gupta, Chief Economist, eCurrency


Among the many issues pertaining to digital currencies[1], two important ones revolve around protecting privacy and financial integrity. At one end of the spectrum, consumers may desire complete anonymity or privacy in digital payments, akin to cash. At the other end, regulators may wish to know the full identities of those conducting transactions and other details to ensure that they are not unlawful activities. As such, there is a tradeoff between privacy and financial integrity in digital payments, and a balance has to be struck between the two.


In most countries, the right to privacy is enshrined in law, or, at the very least, is expected by the general public. In layman terms, private information, such as who bought what and from whom in a digital transaction should be protected. It is a political and social question, and not a narrow technical matter (BoE 2020). Accordingly, legislation is done on that basis. For example, in some countries, it will reflect concerns about digital surveillance. Privacy regulations, such as the GDPR in Europe/ UK, also require that users should have control over how their data is used and shared with, and include the right to be forgotten (BoE 2020). In a paper on privacy and CBDCs, the Bank of Canada (Arora and Darbha 2020) poses for example the following questions:


  • Should all transactions be routinely disclosed to the government, or only some?

  • Should law enforcement be able to determine a person’s holdings?

  • Should a payer’s identity be hidden from a merchant?

  • What transaction details should be shown to a payer’s money services business?

  • Should users be able to transact outside of KYC regulations to some extent?


Concurrently, countries have financial integrity regulations such as AML/KYC/CFT to curb illicit activities. Globally, they are governed by the FATF (Financial Action Task Force) guidelines to combat money laundering and terrorist financing. While users of digital currencies may demand full privacy, regulators will not allow it. Moreover, the financial integrity regulations are in the process of being strengthened, as evident from the FATF in June 2020 calling on national financial services and banking regulators to implement a stricter KYC/AML regime, including requiring virtual exchanges and digital wallet providers, to hold such information for transactions originating on their platforms.


Accordingly, guiding policy principles in relation to privacy and financial integrity should be:

  1. Digital currencies must comply with the right to privacy laws in countries.

  2. Digital currencies must also comply with financial integrity regulations in countries.

  3. With the growing use of digital identity systems, a stricter regulatory regime governing their security and use is coming, and to which compliance will be needed.

As such, in practice, central banks as well as the private sector need to take into account adherence to the policy principles when designing digital currency instruments and selecting the appropriate technology for operationalization (see for example ECB 2020). In other words, the policy principles drive design and technology choice, and not the other way around.


We illustrate one approach to how privacy and financial integrity objectives can be met in the case of CBDCs. The design would be a ‘hybrid’ approach, with centralized CBDC issuance by the central bank, distribution through private payment service providers (PSPs), for use by consumers and businesses. Central banks would not know identities of those undertaking small transactions, below a certain threshold. The threshold would be set by legislation, with provision for a legal discovery process potentially even for small transactions where suspicious activity is suspected. AML/KYC/CFT compliance would be done by the PSPs, relieving central banks of customer-facing operational headaches. The technology used would have to ensure compliance with GDPR and data protection laws in other countries.[2] eCurrency’s DSC3 technology is an example of a solution, which is fully compliant with regulations.

[1] See Arora and Darbha (2020) for a privacy profile of different payment technologies. [2] Digital currencies refer to the universe of e-money, cryptocurrencies, stablecoins and central bank digital currencies in line with Kiff et. al. (2020).


References:


Arora, Rakesh, and Sriram Darbha. 2020. "Privacy in CBDC Technology." Staff Analytical Note 2020-9, Bank of Canada. https://www.bankofcanada.ca/2020/06/staff-analytical-note-2020-9/


Auer, Raphael and Rainer Böhme. 2020. “The technology of retail central bank digital currency,” BIS Quarterly Review, March. https://www.bis.org/publ/qtrpdf/r_qt2003.pdf


Bank of England. 2020. “Central Bank Digital Currency: Opportunities, Challenges and Design,” March. https://www.bankofengland.co.uk/-/media/boe/files/paper/2020/central-bank-digital-currency-opportunities-challenges-and-design.pdf?la=en&hash=DFAD18646A77C00772AF1C5B18E63E71F68E4593


European Central Bank. 2020. “Report on a Digital Euro,” FATF, March. https://www.fatf-gafi.org/media/fatf/documents/recommendations/Guidance-on-Digital-Identity.pdf


Financial Action Task Force (FATF). 2020. “Guidance on Digital Identity,” October. https://www.ecb.europa.eu/pub/pdf/other/Report_on_a_digital_euro~4d7268b458.en.pdf


Financial Stability Board. 2020. “Addressing the Regulatory, Supervisory and Oversight Challenges Raised by Global Stablecoin Arrangements,” April. https://www.fsb.org/2020/04/addressing-the-regulatory-supervisory-and-oversight-challenges-raised-by-global-stablecoin-arrangements-consultative-document/


Kiff, John, Jihad, Alwazir, and others. 2020. "A Survey of Research on Retail Central Bank Digital Currency.” IMF Working Paper, WP/20/104, IMF, Washington, DC. https://www.imf.org/en/Publications/WP/Issues/2020/06/26/A-Survey-of-Research-on-Retail-Central-Bank-Digital-Currency-49517

©2020 eCurrency Mint Limited | Privacy Policy