CBDC – What Goes Around – Eventually Comes Around

This week, in a blizzard of buzzwords and a surfeit of self-congratulation, the Bank for International Settlement (BIS) Innovation Hub published[i] a very glossy proposal for “Building a multi CBDC platform for international payments”.

So, what is the great insight in this proposal that is going to transform cash as we know it??

The BIS has (… Drum Roll …) reinvented the Centralised Database.

The Single Ledger

Even though there are 33 different references to ‘blockchain’ in the proposal, everything in the proposal hinges on a so-called ‘Single Ledger’ such that:

1)?????“Only trusted parties can validate transactions on the ledger. These parties could be nodes managed by the central bank or a trusted blockchain service provider. Having trusted validators reduces the computational resources necessary to securely validate transactions”;

2)?????“A restricted list of parties can submit transactions to the ledger. The list of restricted participants is decided by the central bank and governing bodies”;

3)?????“Access to view the ledger is restricted into hierarchies. The central bank or regulator bodies can have an extended view of all can be limited to their own transactions.”

Everything but everything then is centralised and controlled by the Central Banks involved – as it should be!

Before looking at the proposal in a bit more detail, it is worth asking WHY?

There is much blockchain-type nonsense in the proposal and the usual selective misinformation. ?

The document does admit up-front : “A notable effort to improve the speed of cross border payments is SWIFT gpi. SWIFT gpi messages can be sent and received in under five minutes and 92% of the payments are clearing within 24 hours.”

However, the proposal goes on: “When taking into account manual processing, compliance checking, differences in time zones and operating hours for local settlement networks, the time between payment messages and settlement can often take up to 3-5 days.”

This is compounded by the statement “The IL2 prototype reduces transaction times from an average [SIC] of 3-5 days to near real-time cross-border payment.”

So, ‘can often’ in BIS speak becomes ‘average’[ii].

The document does NOT, however, elucidate on just how the proposal will: (a) eliminate manual processing in the source and destination corp. or bank; eliminate compliance checking; eliminate differences in time zones, since banks are still involved; and expand operating hours for local settlement networks?

One would have thought that as an aspiring research organization that the BIS Innovation Hub would do a little more research before making such exaggerated claims for relevance.

But maybe we can put that down to their (obvious) inexperience and concentrate on the proposal.

The mCBDC Bridge Model

The mBridge model proposed in the document is shown below

Figure 1 – mBridge Model

?Simple, Eh? Yes, Simple but massively Oversimplified!

The diagram does not show other essential participants, as expanded in Figure 2 below

Figure 1 – Realistic mBridge Model

?

Figure 2 adds essential participants into the core of the mBridge model, especially

1)?????Central Banks: which create and burn/destroy tokens on EVERY Transaction;

2)?????Liquidity Management[iii]: responsible for ensuring liquidity needed to complete transactions;

3) And a massive central Single Ledger/database;

And not illustrated (for lack of space)

4)?????Validators: to check that transactions do not ‘double spend’ coins/tokens; and

5)?????FX Rate Setters: responsible for providing and guaranteeing Foreign Exchange Rates.

All of these participants are ‘points of failure’ and in some cases, SINGLE points of failure.

Let us assume that a Corporation (Corp.) in the PRC top right, wishes to send 1,000 e-CNY (roughly 5,254 THB) to a corporation in Thailand (Thai Corp.), the sequence is at least the following:

a.??????PRC Corp interacts with PRC Rate Setter(s) to obtain an acceptable RMB/THB rate (similar to today but not necessary for example when forward rates are locked in);

b.??????PRC Corp interacts with PRC Bank to issue or release requisite amount of e-CNY and send payment instructions (pretty much as in the correspondent bank model today);

c.??????One (or more) Validators are ‘called’ to verify that the tokens are valid and that the tokens have not been spent (no equivalent today);

d.??????Assuming OK, the transaction is sent to the PRC Central Bank which will destroy the e-CNY tokens (no equivalent today);

e.??????And then Liquidity Management is ‘called’ to ensure there is sufficient liquidity in the e-CNY system (today this is absorbed in the correspondent banking model);

f.???????The ‘transaction’ is now routed to the Thai e-THB leg (performed today by systems such as SWIFT);

g.??????Calls THB Liquidity Management to ensure there is sufficient liquidity in the e-THB system (today this is absorbed in the correspondent banking model);

h.??????The Thai Central Bank then takes the transaction for roughly 5,254 THB and mints and issues the token(s) for the e-THB (no equivalent today);

i.????????Somehow one (or more) Validators may have to be ‘called’ to record/verify that the tokens are valid and that the tokens have not been spent (no equivalent today); and

j.????????Thai Bank interacts with Thai Corp to release requisite amount of e-THB (pretty much as in the correspondent bank model today).

The BIS proposal claims that this process will: incur less fees; be simpler to operate; has NO FX Settlement Risk; has higher transparency; and a lower reporting burden.?

However, the proposal does not justify any of those claims apart from a throwaway line that (although a retail system) “transaction costs for a multi-million-dollar payment could be as low as 1%. Regardless, 1% of a such a high value payment is still a significant amount".?

No evidence for the “as low as 1%” is given.?Nor has any thought been given as to how the additional participants will be remunerated or incentivised - apparently it will just happen.

Certainly, the overall process will NOT be simpler to operate, and, in fact, the introduction of multiple new parties and Single Points of Failure create immense Systemic Operational Risks.?

Nor does the proposal identify anywhere what would happen if there is a failure in any of the processes in the more complex sequence and ‘immutable’ ledgers would have to be rewound (adding even more complexity and risk) .

Centralisation

It would be churlish of the author to criticise the BIS for proposing a centralised model, as the author has argued consistently that this is the only really workable solution, and the proposal agrees for the right reasons, especially:

“One of the benefits of a single ledger implementation, such that is used in the IL2 prototype, is that transfers between different tokens, issued by different central banks, do not require complex locking mechanisms. To effectively reduce counterparty or settlement risk, minimising the distinct and separate steps within a token transfer transaction is critical. For implementations that have tokens issued on separate ledgers, complex transactions, such as hash timelock contracts, must be constructed”.

In other words, separate (distributed) ledgers just won’t work in practice[iv]!

But there is centralization and then there is centralization.

Cloud and Software Central

The BIS proposal is chock-full of technical buzzwords, many related to software products. For example, the proposal suggests the use of Amazon Web Services (specifically AWS EKS) to provide the operational infrastructure.

The use of Cloud services by a firm is useful in many circumstances to provide flexibility for example, in changing models of Operational Expense (OPEX) and Capital Expenditure (CAPEX) to aid product growth.?Of course, offset against the possible savings in expenses are the enormous cyber risks which are in effect outsourced here to the cloud provider (here AWS).

Has anyone told the PRC, HK, Thai and UAE central banks that, if this model goes forward, their foreign exchange payments systems, and the data underlying it, will be dependent on an American software provider (Amazon), over which they have no control?

Likewise, the software used in the proposal is supplied by Consensys (another US company) and runs on an open blockchain using Ethereum standards.

Has anyone told the PRC, HK, Thai and UAE central banks that, if this model goes forward, their foreign exchange payments systems, and the data underlying it, will be dependent on a very very buggy system with lots of holes and errors.

At best, the BIS proposal is an interim place holder for a possible architecture for cross border CBDC transfers, but is no way near ready for prime time.

Next Steps

In the conclusion of the proposal, the BIS lists a large number of areas that need further resolution including: ?“Data privacy approaches; FX liquidity management across multiple currencies; Performance and scalability to support fully operational payment volumes; Interoperability by vertically linking into core banking systems and payment providers; Interoperability by horizontally linking with other cross-border and domestic systems; Atomic transactions across multiple self-sovereign systems; Distributed gridlock resolution solution; and Technical platform governance.”

In short, the ‘hard stuff’ still needs doing!

But nowhere does the proposal address the fundamental question – now we have settled on a ‘centralised approach’, is there a better way to tackle this problem?

For example, why not actually use a REAL central database, that we already know works at scale?

There are many such operational high-performance databases on the market, from the proprietary, such as Microsoft SQL Server and Oracle, to the open source, such as MYSQL or PostSQL.?

The advantages of such an approach are that, provided that a database standard (such as SQL) is adopted and a common process standard is agreed, then each Central Bank can choose the best combination of technologies needed to implement the common interface itself, for its own jurisdiction.

As a research organization, BIS Innovation Hub owes it to its customers (the central banks of the world) to set up and test realistic implementation alternatives and only then to do architecture design and proper business case evaluation for implementation.

[i] This followed a proof-of-concept (PoC), called Project Inthanon-LionRock Phase 1, which BIS claimed had “achieved a single platform built by R3 on Corda, designed to allow the participants of each network to conduct fund transfers and foreign exchange transactions on a peer-to-peer basis, thus reducing settlement layers”.

[ii] Unfortunately, this is not the only sloppy logic error in the proposal.

[iii] Called an “automated Liquidity Saving Mechanism (LSM)”.

[iv] This was discovered quite early on in the disastrous ASX Chess Replacement project, resulting in a total mess of a technology architecture.