Regulating CBDCs An Indian Perspective

In-House Counsel

Regulating CBDCs An Indian Perspective

Aditya Tiwari | March 2022

The Government of India (‘GOI’) in its Budget 2022-23 has announced that it shall roll out Central Bank Digital Currencies (‘CBDCs’) in the financial year 2022-23. This article highlights the regulatory challenges that the Reserve Bank of India (‘RBI’) should answer to regulate Central Bank Digital Currencies (‘CBDC’). The regulation of CBDCs should be written while keeping the following four aspects in mind: (a) Technology; (b) Market; (c) Norms and (d) Regulation of Risk.

It is imperative to understand the Blockchain technology to provide for apt regulations. Unlike the present internet technology that stores data, undertakes computation and transmission separately, Blockchain does everything on one platform. Blockchain stores information in cryptographically secured data in a block. The first block is referred to as ‘genesis block’. Every next block carries a hash of the previous block and is therefore, connected with the previous block. Access to the Blockchain Network is regulated through a ‘combination of a private and public key’. The network validates transactions through a ‘consensus mechanism’ which is built using game theory. The computation takes place through logic builds using ‘smart contracts’. The transactions take place through a peer-to-peer network that enables distribution of controls of the network rather than one entity controlling the complete network.

The RBI should provide for the manner in which the blockchain algorithms would be regulated. The questions such as (i) who would distribute the ‘private and public key’?; (ii) what configuration would a ‘wallet’ should have to hold CBDCs?; (iii) how would validation of the transaction take place as there are multiple variations of ‘consensus mechanism’?; (iv) who would validate the transaction?; will this be a permissioned network or open network?; (v) who can develop ‘smart contracts’?; what would be the nature of ‘smart contracts’?; would the transactions be immutable or it can be reversed and if yes, who can reverse the transaction and in what circumstances?

Facilitation of Blockchain2 protocol will require the engagement of intermediaries to implement rolling out CBDC. Central Banks can roll out CBDCs3 with hybrid access through payments services providers or technology service providers. With the recent steps that RBI has taken, Payment Aggregators (‘PA’), Payment Gateways (‘PG’) and Pre-Paid Instrument issuers (‘PPI-Issuer’) will have an important role to play in the CBDC echo-system. Some important steps that RBI has taken to regulate and improve the technology maintained by intermediaries are:

Prescribing baseline technology guidelines for PA and PG4;
Making RTGS5 available 24X7 for 365 days in a year;
On July 28, 2021, the RBI issued a circular granting access to Centralised Payment Systems (‘CPS’) to Non-Bank including PPI-Issuers. The direct access to CPS would enable a separate IFSC6 Code; a Current Account with RBI; a settlement account with RBI and Membership of INFINET7 and the use of SFMS8 to communicate with CPS.
The guidelines9 for PPIIssuers facilitates interoperability among wallets, with cards and UPI, requirements for ploughing back of profits, the permission of cash withdrawal and improved customer grievance system.
RBI issued directions for tokenisation of card transactions by card networks and making tokenisation available on mobile phones, tablets, laptops, desktops, wearables, internet of things devices etc.
RBI prohibited either the PA or its merchant to store cards.

RBI also may provide for a prerequisite that an intermediary should have to become part of the Blockchain network. It would also be clarified as to whether it would be Hyperledger, Corda or Ripples platform that would be used for CBDCs.

RBI may also look into governance by algorithms on a Blockchain Network. The ‘smart contracts’ could be used for initiating reporting of transactions that demonstrate patterns of anti money laundering. Similarly, Blockchain networks can be used for ‘regtech’ and ‘supervisory-tech’ as well.

MARKETS

Bitcoin was the first use case of Blockchain technology in the financial industry but not the only one. The other use cases were cryptocurrencies, stable coins, decentralised autonomous organisations, and decentralised finance.

These technological developments have today enabled following three scenarios10 in markets related to payments:

A probable competition between Stablecoins and National Currencies;
Decentralised Finance (‘DeFi’) offering alternatives to financial products;
Central Bank Digital Currencies (‘CBDCs’), providing open and global monetary and financial system.

Agustin argues that Stablecoin is private money and therefore cannot be trusted to espouse the cause of a particular nation and DeFi lacks controls. He submits that CBDCs are backed by Central Banks just like any other National Currencies and would bestow more trust in public than Stablecoin or DeFi. Irrespective of such submissions, there is a continuous growth in all three scenarios.

As of today, there are 91 countries that are working on different stages of CBDCs. Nine countries have already launched CBDCs. Nigeria is the biggest country to launch CBDCs in October 2021. China, Malaysia, Hongkong, Singapore, Sweden, European Union, Thailand, Ukraine, Angulia, South Korea, UAE, Saudi Arabia and Jamaica have already launched pilots for CBDCs. The United Kingdom and the United States of America are at the research stage but are still considering CBDCs.

In India, CBDCs have a use case for cross-border transactions. Traditional cross-border payments schemes12 in India take time, are marred by manual processes, charge higher fees and attract the risk of exchange loss13. In the Union Budget 2022, the Government of India has proposed to tax gains from cryptocurrencies at 30%. This will also to a large extent dissuade investments in cryptocurrencies. Cryptocurrencies do not have a use case for the domestic payments market, as NPCI offers transactions at ‘zero’ cost and has deep penetration in India.

Presently, NPCI has a digital payments agreement with Singapore and Saudi Arabia, two countries that are also working on pilot projects concerning CBDCs. BIS Innovation Hub has launched Project Jura, Project mBridge and Project Dunbar for cross border CBDCs. “In Project Jura, each central bank maintains individual control over its own CBDC on a single platform with separate subnetworks. In project mBridge, each participating central bank issues its own CBDCs and operates a validating node in a shared system. Project Dunbar explores the advantages and disadvantages of different DLT prototypes and validating mechanisms to support a common multi- CBDC platform”.

The aforementioned projects take only central banks as partners. However, for the implementation of Blockchain, participation of intermediaries cannot be ruled out. The RBI should work on a pilot using a ‘hub-and-spoke’ model, where, an authorised public sector bank with international branches can act as a ‘hub’ and national and international intermediaries can act as a ‘spoke’. Similar to India, international aggregators and payment gateway firms could act as intermediaries in this structure. Any participant in this model should comply with the regulations put together by RBI for managing the platform. This model will have more penetration into global markets, easier to implement, and easier to regulate as this network does not require interference of other Central Banks.

NORMS

Indians still love their cash for its ‘anonymity’. As a bitcoin transaction is an anonymous transaction, similarly, CBDCs, if they have to replace cash in the economy, will have to be anonymous. The anonymity of all the transactions should be preserved equally. The issue relating to anonymity can be addressed either by regulation or by the design of the algorithm. The RBI should prescribe for ‘anonymity’ to be maintained by regulations and if disclosures are to be made then in what circumstances disclosures can be made and to whom. India is also working on ‘Data Protection Bill’. A draft of ‘Data Protection Bill’ is proposed and there could be overlapping issues in relation to financial data including payments data and transaction data. As regulations would have to address cross-border issues, RBI would also have to provide for localisation of data, storing of data that is acquired abroad, and disclosure of data to certain specified authorities either abroad or domestically.

REGULATIONS

From a regulatory perspective, let’s see if RBI has power to issue CBDCs in India. Section 25 of the RBI Act provides that “The design, form and material of bank notes shall be such as maybe approved by the Central Government after consideration of the recommendations made by the Central Board”. Hence, the Central Government has power to approve the ‘design, form and material of bank notes’ as proposed by the Central Board. Therefore, a Central Board can always propose that design, form and material of bank notes can be in the form of CBDCs. The Hon’ble Supreme Court of India in the matter of Internet & Mobile Association of India v/s Reserve Bank of India held that RBI has powers to regulate and govern cryptocurrencies as they perform the same function as performed by a ‘currency’. If Supreme Court has held that RBI has powers to regulate cryptocurrencies, development of which is totally in control third parties, the price of which is not controlled by any central bank, infusion in the economy is not controlled by any Central Bank, these are completely anonymous and are held without proper anti-money laundering checks, then, CBDCs surely will make a case to be governed by RBI. Once considered a bank note, a CBDC will have a status of a ‘legal tender’ in terms of Section 26 of the RBI Act. A status as a ‘legal tender’ provides for an ability to settle the transactions once CBDC is transferred against receipt of goods or services as the case may be.

The PPI-MD provides that the issuer will conduct KYC of each person that avails a wallet. Further, Payment Aggregators are required to onboard merchants after appropriate KYC. Both PPI Issuer and Payment Aggregators qualify to be a regulated entity within the prevention of money laundering act and shall undertake reporting of transactions to FIU-IND or CERT-IN as the case may be. Similarly, in case of cross-border payments, RBI may allow payment aggregators who have license from central banks to deal in payment instruments to participate in the platform.

Further, the RBI is at the development phase of CBDCs, and will soon launch the pilot for CBDCs. Such a pilot should be launched under regulatory sandbox guidelines so that regulated entities can participate in the pilot to test various use cases of CBDCs.

Apart from the regulatory issues that are highlighted above in relation to technology, cross-border structure of CBDCs and anonymity of transaction, RBI should also address the following:

Criteria and prerequisites to be a participant to the CBDC network;
Authorising participants to deal in CBDCs;
Demarcate the role of technology companies and prerequisites for their participation;
Address the issues that may arise amount different regulators such as Securities and Exchange Board of India, and Insurance Regulatory and Development Authority;
Provide as to whether CBDCs will earn interest or could be held as deposits by the bank;
Distinguish between the status of CBDCs, Cryptocurrencies and Stablecoin;
Provide for mechanism for transacting with CBDCs across borders;
Permit banks (domestic and foreign) to deal in CBDCs.
Provide for equivalence of CBDCs value with Indian Rupee in International Market;
Provide for whether CBDCs could be used as a tool for monetary policy;
Provide for whether CBDCs can be used as derivatives for hedging foreign exchange;
Who would be the authority to issue CBDCs?
Who would be the authority to audit and audit requirements?
What disclosures are to be made in respect of CBDCs?

CONCLUSION

It took years to develop the methodology and the manner in which bank notes are minted, distributed and used within an economy. One immediate challenge that RBI may face is the rate of ‘transaction per second’. As the Blockchain technology updates all the nodes in real time, it takes time to complete the transaction online. The platform for CBDC should meet the speed at which transactions are done today. This may deter adoption of CBDCs in India. RBI would have to look for a perfect balance of ‘control’ through regulations on CBDCs. As neither too much control can be put as it would deter adoption nor too much freedom could be provided as it would lead to misuse.

About Author

Aditya Tiwari

Aditya Tiwari, Senior Director, Legal at Cashfree Payments with 20 years of experience in transaction advisory, regulatory dispute resolution and tax, Aditya leads the legal team at Cashfree Payments. Passionate about fintech, he engages in research, consulting and training in technologies around blockchain, artificial intelligence, new financial regulations and data protection laws.