Central Bank Digital Currencies (CBDCs) and Crypto Compliance

Bitcoin and most other digital assets are decentralized. In contrast, a central bank digital currency (CBDC) is issued and regulated by a nation’s central bank and represents a digital version of its currency. For example, the People’s Bank of China (PBOC) offers the digital yuan, which has the same value as the physical renminbi.

CBDCs must follow crypto compliance measures such as anti-money laundering (AML) and countering the financing of terrorism (CFT). 

This article will discuss the state of CBDC compliance around the world, its unique challenges, and what central banks should look for in a compliance solution. 

The State of CBDC Compliance Around the World?

According to a study from the Atlantic Council, there are 130 countries exploring CBDCs, collectively representing 98% of the world as of 2023. While this figure may sound impressive, there is wide variation within those countries.

Approximately half were in advanced development stages, such as piloting or launching their CBDCs, while others are still in exploratory phases. Naturally, the maturity of their compliance frameworks also varies widely.

China has robust standards in place pertaining to CBDC compliance. As authorized by the 2020 Amendment, the PBOC supervises the circulation and regulation of the physical renminbi. This mandate extends to regulating banks and payment institutions that wish to exchange the CBDC. These entities must comply with PBOC requirements, such as those pertaining to AML. As part of the Future of Payments Working Group in the G20 Roadmap, the PBOC is also advocating for CBDC policy that meets requirements in AML, CFT, and thwarting tax evasion. 

Other regions still have developing standards. The European Central Bank met to discuss privacy options surrounding the digital euro. Its preliminary view is that anonymity is not a desirable feature because it would enable money laundering. As part of its currently applicable baseline scenario, the European Central Bank thus advises that there should be checks during onboarding, and data should be transparent to all intermediaries to improve AML and CFT. The European Central Bank is also considering other options with co-legislators, such as selective privacy for low-value transactions and offline functionality.

Despite the varying maturity levels of CBDC compliance policies,, organizations must still be ready for AML and CFT compliance. In nations with advanced CBDC programs like China, the central bank must carefully oversee its compliance policy to ensure that the digital currency is not used for money laundering, tax evasion, or funding terrorism. Banks and payment institutions under this regime must also adhere to the compliance policy, so that they are continually permitted to participate in the CBDC system.

In countries or regions with emerging CBDC programs, preparation for compliance is equally important. Central banks must anticipate how their digital currency may be used for nefarious purposes and have a plan in place to minimize these threats. Banks and other financial institutions should anticipate likely measures, so they can put themselves in a position to be compliant when AML and CFT standards when the CBDC is launched. 

The Challenges of CBDC Compliance

There are many challenges associated with CBDC compliance, including:

• Increasing sophistication of criminals - Criminals who launder money, evade taxes, and finance terrorist operations are becoming increasingly sophisticated. They have an extensive repertoire of evasion and obfuscation techniques. These include the use of coin mixers, chain-hopping, side chains, and privacy coins, all of which are meant to make it more difficult for authorities to follow their tracks. 
  
  While these techniques are traditionally associated with digital assets, they may intersect with CBDCs as well. For example, criminals may use CBDCs for nefarious purposes, and then exchange them into digital assets to evade authorities en route to an eventual exit node. Central banks must have a thorough understanding of not only their own CBDC, but the digital assets it can be traded for and the obfuscation techniques common to them. 
  
  
• Scale of CBDC compliance - The scale of CBDC compliance is enormous. Central banks must create policy pertaining to AML, CFT, and other compliance measures and then ensure that all banks and financial institutions in their country comply with them. This process is resource intensive. 
  
  In addition to CBDC compliance at the national level, central banks must also adhere to policies of other partner nations. CBDCs, after all, are traded and exchanged cross-border with other nations, each of which will have its own unique requirements for AML and CFT. Central banks must meet these policy regimes, which are scaling up in number as more nations go into the pilot or launch phases for their own CBDC programs. 
  
  
• Over-reliance on blacklists - Many organizations put out blacklists. For example, the United States Office of Foreign Assets Control (OFAC) maintains a list of addresses associated with sanctioned entities like terrorist organizations. Facilitating financial transactions on behalf of a sanctioned entity can earn the organization serious punishments in the form of fines and other penalties. 
  
  Unfortunately, as soon as wallets are blacklisted, they become moot: Criminals will find other avenues with which to launder money, fund terrorism, and commit other crimes  with CBDCs and other digital assets. Without the right technology, such as compliance tools, central banks have little chance of proactively tracking criminals. 

Finding the Right Solution to Overcome CBDC Compliance Challenges

Given these challenges, central banks must find a robust compliance solution to effectively manage their CBDC programs. The core competency of a central bank pertains to the economy: issuing currency, regulating monetary policy, and protecting financial systems. Central banks typically lack specialized expertise in technology, particularly in selecting an appropriate compliance solution. Therefore, it is crucial to understand what to look for in a compliance solution to address the unique challenges posed by CBDCs.

• Rule-based customization - Too many compliance solutions still operate primarily around blacklists. These are accounts that have been flagged as being owned or associated with criminal entities like money launderers or terrorists. While blacklists are important, they should not be the end-all, be-all for compliance. 
  
  Criminals have developed workarounds to flagged addresses. They simply create new accounts that are not directly linked to those that have already been blacklisted. The best compliance solutions will still identify these accounts through rule-based customization. For example, a central bank can set a rule that issues an alert for when an account accumulates funds through multiple low value deposits of the CBDC, which could indicate a criminal trying to skirt AML and CFT measures.
  
  Compass, Merkle Science’s compliance solution, offers just this feature, enabling central bank to proactively prevent criminals from using their CBDC for criminal purposes like money laundering, terrorist financing, and tax evasion. 
  
  
• Continuous monitoring - Some compliance solutions only do an initial screening: The product will vet a particular address, and if no flag is triggered, it will be marked as clean. The problem with this approach is that it assumes that an address without criminal links will always remain so. This notion is far from the truth.
  
  A wallet that has remained largely dormant may suddenly become active as criminals use it as a node for laundering stolen funds. Central banks must choose a compliance solution that employs continuous monitoring of accounts. This way, the central bank can still catch addresses that are used for money laundering or terrorist financing, even if they did not originally appear to have criminal links.
  
  Compass practices continuous monitoring for submitted addresses, so that central banks can identify high risk addresses not only anywhere, but anytime. 
  
  
• Comply with cross-border regulations - As the nation’s digital currency, a CBDC will not only be traded within the country, but also cross-border. When the CBDC is exchanged with other countries, it may also be subject to different compliance regulations, each of which will be unique.
  
  Some compliance solutions are not built for this granularity. They only offer a one-size-fits-all approach to compliance, which is impractical for digital assets in general and CBDCs in particular. As noted above, the maturity of CBDC policy varies wildly, and each country in advanced CBDC development will have its own requirements. The best compliance solutions will enable central banks to create different rule sets for different segments, so that it can comply with the unique requirements of each partner nation.
  
  Compass offers this granularity, so central banks can also comply with the partner nations essential to making their CBDC succeed on a global scale. 

Conclusion: Ensuring Robust Compliance for CBDCs 

The vast majority of nations are considering a CBDC because it may bring many benefits to their economy. For nations to fully realize these benefits, they must build a strong compliance apparatus around their CBDC.  

The best way to achieve this goal is through a compliance solution like Compass. Equipped with rule-based customization, continuous monitoring of wallets, and market segmentation, Compass can help central banks implement strong procedures for AML, CFT, and other necessary compliance measures. 

Central banks interested in using Compass to streamline their compliance processes are encouraged to contact Merkle Science for a free demo.