The Risks to Society of Central Bank Digital Currencies

There is much written about CBDCs but little on the risks to society a CBDC would create.

I see these risks falling into three categories:

1. economic

2. financial

3. human rights

Economic Risks

The key economic risk is inflation. A CBDC can be created at the press of a button and distributed widely, inflating the money supply without any corresponding increase in GDP. This risk can be mitigated by issuing CBDC to individuals and businesses only in return for bank deposits, or collateral paid for with bank deposits; and to government only in return for bonds that have a reasonable chance of being repaid through taxes. Alas, since governments control central banks, this risk can never really be mitigated and as seen with Quantitative Easing and today’s rampant inflation, governments can always find ways to create money to spend – with CBDCs the temptation to do this will only increase.

The second economic risk is a large-scale misallocation of capital and effort to implement a CBDC. CBDCs require nationwide infrastructure for distribution and payments and this needs to be in place for CBDCs to be useful. The private sector is best positioned to provide this infrastructure but there is a risk CBDC infrastructure is designed and built by bureaucrats separate to private sector initiatives resulting in low adoption of CBDC caused by poor utility and poor user experiences.

Financial Risks

Financial risks include exchange rate risk, higher lending costs and operational risks.

A CBDC should be just another form of central bank money, but could governments be tempted to exchange it for current forms of money in the national currency at less than 1: 1?

CBDCs could result in higher lending costs. In its recent discussion paper on “New forms of Digital Money” the Bank of England identified increased lending costs as a risk resulting from a decrease in bank lending with CBDC and an increase in more expensive market-based financing.

Then there is the risk of a centralized CBDC system suffering outages and cyber attacks. Even a short outage could badly effect the whole nation by disrupting everyone’s financial transactions.

Human Rights Risks

If designed inappropriately, CBDCs have the potential to be used as tools of surveillance and control by governments. Every transaction is recordable and any authority with access to the CBDC ledger could see all transactions. They could also control individuals through the ledger – such as putting expiry dates on their CBDC, limiting how much they can hold, varying interest rates and prices depending on who they are, preventing purchases and automatically deducting fines.

The combination of digital identity and CBDC is also a big risk. Access and addressability are needed for digital payments but these are different to digital identity. In a world of programmable money, digital identity can go beyond just enabling access to your funds. Use of those funds can be made conditional on attributes of your digital identity. If those funds are in CBDC, then the central bank and by implication, the government can control directly how you spend and receive money.

Be wary of anyone advocating for digital identity to be connected to CBDC – while digital identity is needed to find fraudsters, money launderers and other criminals, there is no monetary reason to combine CBDC with digital identity.

An Architecture to Avoid the Risks of CBDCs

In large part, preventing the risks of CBDCs falls to society as a whole to accept only CBDC solutions that are free of these risks.

Critical to risk mitigation is designing a CBDC at the outset to prevent these risks from being possible, rather than just designing in controls to mitigate them (controls could be dismantled in the future).

A layered architecture is required.

At the base layer is CBDC as collateral for a nation’s payment system. Risk free, digital central bank money issued on demand by the central bank in exchange for government securities, reserves from commercial banks or for bank deposits from the non-bank private sector.

The next layer is private programmable money. These are simply IOUs, frequently described as stablecoins, but better characterized as “fixedcoins” as they are used and redeemed at par. They are issued by commercial banks (who create them when issuing loans, as they do with normal bank deposits) and by (licensed) private enterprises.

This layer is critical in separating programmability of payments from CBDC issuance and custody – a CBDC must have the hooks to support private programmable money in this layer, but there should be no programmability in the CBDC itself. Smart contracts are included in the private money layer to reach down into the CBDC layer to manage collateral and reach up to the layers above to manage payments. This layer is likely to be built on distributed ledger technology.

Addressability forms the next layer, providing the connectivity and interoperability for payments to flow seamlessly across different fixedcoins on different infrastructures.

Finally, on the top layer are the commercial applications – wallets, apps, gateways, devices and so on in which fixedcoin payments are embedded.

Digital identity is separate, outside this architecture and disconnected from it.


CBDC pose a combination of risks to consumers – financial, economic and human rights that are potentially severe if a CBDC is designed badly or with bad intent.

However, as a base layer in a monetary architecture CBDC as collateral for a nation’s payment system and for private programmable money could drive new innovation.

The challenge is to design and implement a CBDC so that it can never evolve out of the base layer and be abused to debase the money supply, monetise debt or control society through setting rules on how people receive and spend their money.

A layered CBDC architecture like this has the potential to drive innovation, proliferating the next generation of payment applications and the digital business models using them, for the benefit of all society.

See my Linkedin account for a longer version of this blog.


Leave a Comment

Your email address will not be published.