Abstract: This article explores several key issues of common concern on digital Renminbi, or the e-CNY, including its top-level design, risk control, personal information protection, and payment anonymity. It also proposes policy suggestions to promote the future development of the e-CNY.
I. CLARIFYING A FEW MISUNDERSTANDINGS ABOUT THE E-CNY
China’s ongoing trial program with digital Renminbi, or the e-CNY, has sparked heated discussions. There have also been some misunderstandings which I would like to take this opportunity to explain and clarify.
One misunderstanding is that the e-CNY cannot be used to buy gold or foreign exchange. That is incorrect. The e-CNY is the digital form of China’s legal currency, valued at 1:1 to physical Renminbi. It can be used to buy anything that can be bought with paper money and coins. Since you can buy gold and foreign exchange with paper money and coins, you can also buy them with the e-CNY.
Another misunderstanding is that the e-CNY violates user privacy. Some say it’s like a GPS device that tracks where you go and live and with whom, what you spend your money on, and how much you spend.
But that’s not true. An important feature of the e-CNY is controllable anonymity. This corresponds to its nature as M0, and ensures a reasonable level of anonymity and privacy protection during transactions; at the same time, controllable anonymity is intended to meet the need for preventing and reducing irregularities including money laundry, terrorist financing and tax invasion, in order to protect financial security.
II. THE E-CNY IS A FORM OF M0 AND THUS SHOULD PROVIDE A REASONABLE LEVEL OF ANONYMITY
1. The e-CNY should be designed to protect personal privacy
Consumers are attaching greater importance to personal privacy protection amid the big data boom. While electronic payment represented by mobile payment provides a higher level of convenience than traditional cash payment, some of the consumers still prefer cash because cash transactions are anonymous and pose no privacy threat.
The e-CNY is poised to serve as cash in circulation, or the M0. It is the digital form of cash. Therefore, it should be designed to meet the reasonable requirement for anonymity and privacy protection:
? It should cater to the need of immediate, small-amount payment on a daily basis and ensure the privacy of transactions.
? It should clarify the scope of anonymity, and ensure that the personal information of consumers is not acquired by merchants or other third parties without proper authorization during transactions with e-CNY.
? It should better manage the use and protection of personal information, so that information on clients and their transactions and spending collected by operators are kept properly.
2. The two-tier operation system of the e-CNY can prevent unauthorized access to and use of personal information
The e-CNY adopts a two-tier operation system, where the People’s Bank of China (PBC) provides digital yuan to designated operators which then put the money into circulation.
The operators collect necessary personal information including those generated during the use of the e-CNY wallet, while the PBC only handles cross-agency transaction information transferred to it from inter-connective platforms.
To protect privacy, the e-CNY wallet also applies anonymization technologies so that counterparties and other commercial institutions will not gain access to any personal information during transactions. Nor do they have access to any complete information on general users’ transactions and spending.
Related authorities can only ask operators to provide users’ personal information only when they suspect of illegal dealings. The information provided and used will be strictly controlled within the scope allowed by law, with security precautions in place.
The PBC acts in strict accordance with The Cybersecurity Law of the People's Republic of China, The Personal Information Protection Law of the People's Republic of China and other applicable laws and regulations, and adopts advanced technologies and management mechanisms to protect personal information.
Technologies applied include access control and multifactor authentication to protect data security and prevent unauthorized access, disclosure, use, alteration, damage or loss.
Management mechanisms in place include internal firewalls and strict privacy precautions, including designated risk management personnel, business separation, hierarchical authorization, check and balance, and internal auditing.
Information related to the e-CNY will be encrypted and safely kept. All client information will be de-identified and cannot be viewed or used by any organization or individual both within and outside the PBC without proper authorization; those gaining illegal access to such information will be held accountable.
3. E-CNY wallet matrix design principle: Anonymity for small-amount transactions, and traceability for big-amount transactions
Traditional payment tools including electronic payment and bankcard payment are both linked to the bank account system which implements the real-name registration system, and thus cannot provide payment anonymity as required. But the e-CNY wallet is loosely coupled with bank accounts and so less reliant on financial intermediaries, thus enabling anonymity of small-amount transactions from a technological point of view.
? There are four levels of e-CNY wallets based on the level of user anonymity, all can be activated with a phone number only. According to The Cybersecurity Law and The Personal Information Protection Law, telecommunication operators are not allowed to disclose client information to third parties including the PBC, thus ensuring the anonymity of the four levels of wallets activated with phone numbers.
? E-CNY wallets include soft wallets and hard wallets. There are four types of soft wallets, and the hard wallets to which they belong are all anonymous, in order to meet public demand for anonymous transactions online and offline in small amounts. In addition, hard wallets adopting a quasi-account system cannot be associated with user identity, and so play a positive role in promoting anonymity with small-amount payment.
? E-CNY wallets include main wallets and sub-wallets. Users can activate sub-wallets under a main wallet to pay on e-commerce platforms. As all user information has been de-identified, no information will be provided to e-commerce platforms such as bank account number and validity except for the phone number used to activate the sub-wallet, thus protecting privacy.
4. The e-CNY system collects necessary information only based on client preference
Based on the two-tier system and the wallet matrix, the e-CNY follows the principles of independence, transparency and minimization, and only collects necessary information that are directly relevant.
Users have the right to disable the access at any time, and then the e-CNY application will immediately stop processing personal information to ensure user autonomy. The app also strictly implements the decision of users should they refuse to grant access to their information.
The e-CNY app does not ask users to grant access to all information at a time. Instead, it only requests information that is necessary and reasonable on a case-by-case basis. It would inform users of the intended use of the information, the access to which is then granted only if the users agree. It lists all detailed information it needs to provide services and the corresponding scenarios, so that users can understand what permissions are needed from them and why.
The e-CNY system only acquires and processes personal information that are necessary and directly relevant. The e-CNY app only collects information so that it can enable user registration, login, password amendment and retrieval, and other basic account functions; operators of e-CNY wallets only collect information on user identity and transaction so that the digital currency can serve its fundamental roles in payment and other basic services. In addition, to protect the security of users’ assets, the e-CNY system only collects information necessary for risk control to enhance risk identification and prevent theft, malicious loss report and online frauds.
In a word, the e-CNY provides the strongest level of user privacy protection among all existing digital payment tools.
Ⅲ. RISKS AS A RESULT OF MORE CONVENIENT, LARGER-SCALE AND CROSS-REGIONAL SUPPLY OF FINANCIAL PRODUCTS AND SERVICES AMID THE DIGITAL ECONOMY BOOM DESERVE SPECIAL ATTENTION
Freedom without restriction is not real freedom. If we focus only on privacy protection while overlooking potential risks from more convenient, larger-scale and cross-regional supply of financial products and services amid the digital economy boom, central bank digital currencies (CBDCs) will be exploited by criminals which may have dire consequences.
1. The e-CNY should meet global standards and domestic laws and regulations on anti-money laundry and anti-terrorist financing
To protect financial security and stability, global central banks and international organizations have all attached great importance to risk prevention while exploring the anonymity of CBDCs, and those that fail to meet anti-money laundry, anti-terrorist financing and anti-tax evasion purposes will be vetoed.
Agustín Carstens, General Manager of the Bank for International Settlements (BIS), pointed out in his speech Digital Currencies and the Future of the Monetary System that full anonymity is unrealistic and a fully anonymous system is unlikely. The European Central Bank (ECB) said in the report Exploring Anonymity in Central Bank Digital Currencies that “the ongoing digitalization of the economy represents a major challenge for the payments ecosystem, requiring that a balance be struck between allowing a certain degree of privacy in electronic payments and ensuring compliance with regulations aimed at tackling money laundering and the financing of terrorism (AML/CFT regulations)”. This echoes the idea of Fan Yifei, Deputy Governor of the People’s Bank of China (PBC), about controllable anonymity for balancing purposes which he first proposed in his article, Considerations on Central Bank Digital Currencies (CBDCs).
Obviously, full anonymity has never been considered by central banks as an option. Limited anonymity in accordance with anti-money laundry and anti-terrorist financing requirements is the international consensus instead.
The Financial Action Task Force (FATF) stated in its Report to the G20 Finance Ministers and Central Bank Governors on So-called Stablecoins, Once a CBDC is established, financial institutions, designated non-financial businesses and professions and VASPs that deal in the CBDC will have the same AML/CFT obligations as they do with fiat currencies or cash. A customer transacting using a CBDC will have the same customer due diligence obligations as if it was an electronic transaction using fiat currency.”
The Report also mentioned that “CBDCs could present greater ML/TF risks than cash…this combination of anonymity, portability and mass-adoption would be highly attractive to criminals and terrorists for ML/TF purposes”. This is because it’s highly costly to use cash in illegal transactions. Its transportation, check and delivery are all expensive and susceptible to miscount, damage, loss or forgery. The cost rises nonlinearly as the amount of cash involved increases. But the cost of using digital currencies remains almost the same despite the volume of transaction.
The fact that cash is not easy to carry in large quantities has made it harder for it to be used in money laundry and terrorist financing activities, and so its anonymity is more tolerable. But as CBDCs are much more portable, it would be easily exploited for unlawful purposes if it’s as anonymous as cash.
Therefore, CBDCs should not have the same level of anonymity as cash.
2. The e-CNY system should prevent telecommunication fraud and other risks
Internet and telecommunication frauds and irregularities are becoming increasingly rampant in recent years. Over a million criminals are involved in online frauds today across China, causing direct economic losses of over 100 billion yuan annually. The online space is also deluged with gambling activities. In 2019 alone, Chinese law enforcement agencies cracked over 7,200 online gambling crimes that involved a total of more than 18 billion yuan.
Under the traditional bank account system, account opening requires real-name authentication, and customer due diligence measures are in place over the course of the business relationship. But these are still not enough to prevent illegal online gambling and telecommunication frauds based on bank accounts.
CBDCs collect less user information than bank accounts or e-payment tools, and they are more portable than cash. If they are made highly anonymous, they will be easily used by criminals as a hotbed for illegal transactions. They will become a tool of telecommunication frauds, online gambling, money laundry, drug trafficking or even terrorist financing, and will not meet the standards set by international organizations such as the FATF.
Ⅳ. IMPROVE TOP-LEVEL DESIGN AND RISK CONTROL TO FULLY IMPLEMENT “CONTROLLABLE ANONYMITY”
1. Tighten legislation and improve top-level design
To fully implement the e-CNY’s controllable anonymity, we need to make four moves on its top-level design:
? Isolate user information. Ensure the independence of e-CNY operations, and put in mechanisms to isolate client information and restrict access. Operators should improve internal control on client information protection, and only grant access to such information for risk analysis and monitoring purposes in compliance with anti-money laundering, anti-terrorist financing and anti-tax evasion requirements.
? Clearly define the legal conditions for e-CNY wallets to be inquired, frozen or deducted. Such moves can only be allowed at the request of competent authorities with proper legal authorization for statutory causes, otherwise operators have the right to decline.
? Implement penalties. Regulators could enforce penalties on operators in breach of e-CNY user privacy rules.
? Improve laws and regulations on anti-money laundry and anti-terrorist financing with the e-CNY. Introduce regulations and rules in this regard at proper timing based on FATF principles and the unique features of the e-CNY.
2. Enhance technological application and improve risk control
E-CNY regulators will make better use of regtechs and leverage technological tools including big data, artificial intelligence and cloud computing to better identify, prevent and resolve cross-sector and cross-market financial risks.
To sum up, the e-CNY as the fiat currency issued by the PBC will fully respect user privacy, and work to improve risk prevention and avoid illegal uses.
Of particular note, the public will not lose access to physical cash with full anonymity because the e-CNY will run parallel to, instead of replacing, cash. In addition, controllability does not necessarily mean control and dominance. Risks and crimes are the targets of “control” which is critical to protecting public interest and financial security. The controllable anonymity of the e-CNY will provide better and safer payment services for users at large.
This is the speech made by the author on July 24 at the 5th Digital China Summit. It is translated by CF40 and has not been subject to the review of the author himself. The views expressed herein are the author’s own and do not represent those of CF40 or other organizations.
