Central banks are wrong to say that CBDCs must be built to comply with AML regulations

Central banks and related authorities are increasingly publishing papers explaining what the design of a CBDC might look like. In itemizing the various design choices available, I have noticed that there is one limitation that keeps coming up that to me seems completely artificial. From the recent (excellent) Bank of England paper:

A CBDC payment system would need to be compliant with AML and CFT regulations and requirements. This means the identity of CBDC users would need to be known to at least some authority or institution in the wider CBDC network who can validate the legitimacy of their transaction.

And here is the Bank of Canada a few days ago:

A CBDC system is required to comply with regulations (e.g., KYC and AML). This can dictate the level of privacy and the selection of privacy techniques. KYC may require entities to store personal data with proper classification. Generally, achieving high levels of privacy while complying with regulations is complicated. A designer, however, could build a system with hybrid privacy levels. In this, unregulated holdings and transactions (offering maximum privacy to users) would be permitted within limits (e.g., a maximum amount) alongside regulated ones without limits.

It makes no sense to say that a CBDC that does not yet exist must be designed to comply with AML obligations for the simple reason that no such obligations have been promulgated for CBDC—reasonably since, after all, the thing doesn’t exist.

A CBDC could be designed in such a way that it has all the same properties as physical cash and there are no AML obligations on cash. Sure, financial institutions that deal with cash have obligations, like collecting customer identification and reporting transactions over $10,000, but those are not obligations on cash itself. As private citizen I could have $1 million of cash in my house and use it as I see fit and neither I nor the cash itself nor the Fed have any AML obligations. A CBDC could be designed in such a way that financial institutions could easily meet their existing obligations related to cash and cash substitutes, but would create no new obligations.

So, it’s inaccurate for central banks to say that the design of a CBDC is constrained by AML obligations. Central banks may want there to be financial surveillance built in to CBDCs, but they are not obligated to do so and should not pretend otherwise. They should either build a new kind of central bank money that is digital but preserves the privacy and ‘bearer’ features of physical cash, or they should be clear that they are choosing not to do so.