BIS: Central banks must address CBDC risks

For central bank digital currencies to be a reliable means of payment, central banks should address the risks of interruptions or disruptions and ensure integrity and confidentiality, according to a new report by the Bank for International Settlements. The report, which focused on information security and operational risks of CBDCs, noted that the number of central banks working on digital currencies has tripled in the last three years, reaching 130 in mid-2023. It also found that issuing a CBDC will have major implications for the business model of central banks and the risks they face, and would modify their risk profiles.

Among other things, central banks seeking to adopt a CBDC must develop robust business continuity plans to ensure the reliability and continuity of services based on possible scenarios and threats, throughout the full digital currency cycle, according to the report. “CBDCs using novel technologies such as distributed ledger technology (DLT) will face unique cyber risks, as there is no widely accepted cyber security framework for DLT,” the authors wrote. “Furthermore, there are limited real world data pertaining to threats to CBDCs, regardless of the type of technology they use. Accordingly, managing risks associated with CBDC issuance may require adapting existing cyber security assessment methodologies and frameworks to this unfamiliar landscape.”

The American Bankers Association has long held that regulators have failed to find a relevant use case for a U.S. CBDC, and that the risks of a potential CBDC far outweigh any theoretical benefits.