Examining the Policy and Legal Consideration of a Digital Rupee
Part II of the Vidhi Central Bank Digital Currency (CBDC) blog series
The Reserve Bank of India’s (RBI’s) Concept Note (Concept Note) on a Central Bank Digital Currency (CBDC) examines the implications of CBDC issuance on monetary policy, financial stability, banking system, and privacy of users. These are significant issues for a retail CBDC (r-CBDC), which will be consumer-facing and may pose competition to existing financial intermediaries. In the second part of the Vidhi CBDC blog series, we discuss key policy and legal considerations for r-CBDC issuance.
Financial Stability and Monetary Policy
Several central banks exploring CBDC highlight the need to closely monitor its impact on financial stability and monetary policy. One common concern highlighted by central banks (India, United Kingdom (UK), European Union (EU), United States (US), Bahamas, China, Sweden) is the impact of CBDC on the disintermediation of the banking sector. If CBDCs are preferred to bank deposits, it could lead to banks competing for bank deposits, which in turn may impact lending rates. Another concern is the potential of CBDC to accelerate bank runs during a financial crisis, as consumers may view CBDC safer than bank deposits. To respond to these potential risks, the economic design of CBDC is crucial. Issues on the access criteria of CBDC, the limit on CBDC fund holdings, and interest on CBDC (if any) are important factors affecting the demand and adoption of CBDC which has a bearing on the nature of competition it poses to bank deposits.
While the final economic design of India’s CBDC will be based on findings from the upcoming Reserve Bank of India (RBI) pilots, important learnings from live CBDC projects or pilots in other jurisdictions (China, Nigeria and Bahamas) will be useful. For instance, CBDCs of China (e-CNY), Bahamas (Sand Dollar) and Nigeria (e-Naira) are non-interest bearing. Like RBI, these countries have sought to replicate the existing two-tier financial system architecture for cash by adopting an indirect two-tier CBDC model (see the previous blog), where RBI issues the CBDC, but private sector intermediaries (such as banks) (CBDC Intermediaries) are responsible for consumer-facing activities. In terms of limits on transactions, e-CNY has tiered wallets, with different caps and transaction limits for different types of wallets, e-Naira has limits on wallet transactions and Bahamas has a limit on CBDC funds that can be held in wallets. In certain cases, the Bahamas require wallets to be linked to bank deposits. It may also be useful to have frameworks for early warning of threats to a bank’s liquidity to enable the adoption of necessary measures to prevent bank runs.
Consumer Protection and Grievance Handling
Consumer protection is an important consideration for a r-CBDC especially in a two-tiered architecture. Recognising the role of consumer protection, the Concept paper identifies three important consumer risks – privacy, technical / security and accountability risks. RBI also emphasises the need to have an efficient grievance redressal mechanism to ensure effective consumer protection.
Typically, central banks will protect consumer interests through regulations for CBDC Intermediaries to interact with consumers. For protecting consumer interest, RBI must clearly delineate the role and responsibilities of RBI and the CBDC Intermediaries in such regulations. This is necessary to determine liability for unauthorised transactions, data loss or security breaches and provision of compensation to consumers in case of loss. Given that CBDC Intermediaries directly interact with customers, the primary responsibility of resolving the grievance may lie with such intermediaries.
However, RBI must set out the key features of a dispute resolution mechanism, including the nature of disputes that may be entertained, the appointment of specific/designated officers by CBDC Intermediaries who may be approached, the timeline for resolving the dispute and a possible escalation matrix, including a mechanism to approach RBI in case the dispute is not resolved at the level of the CBDC Intermediary.
The lack of legal certainty of CBDCs will expose central banks and the whole banking ecosystem to legal, financial, and reputational risks. The most obvious legal requirement highlighted by central banks (including RBI) is the power of the central bank to issue a digital version of the fiat currency and other concomitant changes required to the central bank and monetary laws to accommodate CBDCs.
Pertinently, through the Finance Act, 2022, the Reserve Bank of India Act, 1934 (RBI Act) was amended to amend the definition of “bank note” to include banknotes issued in digital form. This amendment read with section 22 of the RBI Act empowers RBI to issue digital bank notes. Further, a new section 22A is proposed to be inserted into the RBI Act to make certain provisions of the RBI Act relevant for physical bank notes inapplicable to digital banknotes. While these amendments empower RBI to issue a CBDC, there are other legal issues that require consideration for CBDC issuance.
- The Concept Paper states that “banks and any other service providers” will participate in the two-tier CBDC architecture. Clarity on the definition of service providers is necessary to understand if this will include already regulated RBI entities (such as payment system operators) or may include newer players. Depending on the financial sector intermediaries who participate in the CBDC infrastructure, implications under Banking Regulation Act, 1949 and the Payment and Settlement Systems Act, 2007 will have to be examined.
- If the entry of newer players is allowed to provide technical or other value-added services, legal clarity on the regulation of such entities must be outlined. For instance, Nigeria envisages the role of merchants who are defined as duly accredited individuals and non-individual (corporates) authorised to conduct business in Nigeria and are responsible for providing transaction options of e-Naira.
- A separate governance framework for regulating CBDC Intermediaries is necessary. The framework could include stipulations on eligibility and licensing requirements, cost and fees structures, disclosure norms, wallet specifications, onboarding standards, interoperability standards, liability in case of unauthorised transactions, fraud, security and privacy breach, dispute resolution mechanisms, data governance standards, risk mitigation strategies and outsourcing policies.
- The nature of the Know-Your-Customer (KYC) framework and application of the Prevention of Money Laundering Act, 2002 (PMLA) will have to be examined. Since RBI proposes “managed anonymity” with anonymity for small transactions and traceable for large-value transactions, tiered KYC may be considered. Based on the level of KYC, wallets can be permitted to have specific features, including caps on funds and limits and the nature of transactions. The provisions of the PMLA Act must be made applicable to CBDC Intermediaries for “specified transactions”.
- CBDC infrastructure will allow CBDC intermediaries to have access to large amounts of personal information. Legal issues relating to privacy and data governance must be examined to understand who can collect, process and store data, the purposes for which data will be used and if the data can be shared with other entities, including RBI and government entities for law enforcement. Further, cross-border implications of sharing data outside India may also have to be examined. Currently, such issues are addressed by the Information Technology Act, 2000 and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. However, in light of the Supreme Court judgments in the Puttaswamy cases (I and II) and in the absence of comprehensive data protection law in India, it is necessary to design robust data governance and privacy standards for protecting consumer data. In implementing “managed anonymity” important questions arise regarding the definition of small-value transactions, the cap on such anonymised transactions, the possibility of misuse of such anonymised transactions, and legal safeguards for regulating such transactions.
- Enforcement powers of RBI to proceed against CBDC intermediaries or any other entity for the purposes of ensuring the safety and security of the CBDC system must also be envisaged.
Legal Implications for Wholesale CBDC
Presently banks can open accounts with the RBI. Since the RBI is exploring an account-based wholesale CBDC (w-CBDC), currently, this provision seems adequate. This provision will have to be revisited in case of any operational or technical change in the operation of such accounts, including if other entities are permitted to open such accounts. RBI intends to conduct pilots to assess the role of w-CBDC for cross-border payments.
One key concern that has been highlighted by ongoing multilateral experiments between different countries on cross-border payments using CBDC is that different aspects of cross-border w-CBDC payments may be subject to the laws of various jurisdictions which may be conflicting. In such cases, there is a need to have harmonised standards across countries which intend to use w-CBDC for cross-border payments. This may include common standards for settlement finality, interoperability, data protection and localisation, dispute resolution and consumer protection.
Separately, RBI may also have to examine legal issues under Foreign Exchange Management Act 1999, determining the applicable law for such transactions, and settlement finality.
Read Part I of the CBDC blog series here.