More on CBDCs, AML, and anonymity in electronic cash

My recent post on central bank claims that their CBDC designs would be subject to AML regulations got a lot more attention than I imagined it would. While most folks understood the point I was making, some did not, so here’s some hopefully clarifying follow up.

One objection that was raised by several persons was that indeed there are AML obligations on cash. After all you have to declare cash over $10,000 when you cross the border, and transactions over this amount must be reported by financial institutions (as defined in law) to the authorities.

This is something I specifically acknowledge in the original post when I wrote, “Sure, financial institutions that deal with cash have obligations, like collecting customer identification and reporting transactions over $10,000, but those are not obligations on cash itself.” Perhaps this was too subtle, so let me spell it out.

In the U.S., and I suspect in other OECD countries, AML laws do not regulate the central bank; they regulate private parties like banks, payments companies, casinos, estate agents, car dealerships, etc. When you withdraw more than $10,000 in cash from your bank to buy a car, for example, the bank and the car dealer you pay in cash both have an obligation to report the transaction to the government, but the central bank that issued the cash has no obligations. When you cross a border with more than $10,000, it is your obligation to report it, not the central bank’s. This is what I mean when I say that there are no AML obligations on cash itself, only on certain parties to cash transactions.

That is not merely a pedantic point. It matters because it means that although we have all kinds of AML regulations, there is no law that precludes the central bank from creating and maintaining a system of completely anonymous and untraceable payments (i.e. cash). And yet, in describing how they might design a CBDC, we’re seeing central banks cite “AML obligations” to justify why any new digital version of cash cannot be as anonymous and untraceable as physical cash. I’m not aware of any such restrictions on central banks and that is what I was pointing out.

In the post I was not advocating for CBDCs to be anonymous and untraceable, as some seemed to assume. I was only arguing that if a central bank decides that its CBDC should not be anonymous, then it should explain why it reached that conclusion and engage in a policy discussion with the public about it. It should not simply justify the choice by gesturing to non-existent “AML obligations.” If nothing else, it should have to reconcile why it’s fine that its physical cash is anonymous and untraceable (and the Bank of England sings the praises of physical cash in its CBDC paper), but electronic cash cannot be.

As I pointed out to the IMF’s John Kiff on Twitter, if we had an open and transparent policy debate about the tradeoffs of anonymity in CBDC design, I think what would happen is that a broad consensus would emerge: it should be built so that individuals can enjoy the privacy and autonomy that anonymity affords up to a certain “reasonable” level (and part of the debate would be what constitutes that level), but that it would be proper for a central bank to build the system in such a way that it can surveil larger transactions (or balances, that would be part of the debate, too). The problem with this, however, is that I haven’t seen a way that this could be accomplished technically. How do you have a system where transactions or individual holdings below a certain threshold are as anonymous as cash, but above that threshold they are traceable?

So it doesn’t get lost, let me now highlight the clause “as anonymous as cash” in the last sentence. “As anonymous as cash” means anonymous. Not “nearly-anonymous” and not merely “private,” but anonymous and untraceable. If it’s not anonymous for at least certain transactions, then one can’t really call a CBDC “cash-like,” merely P2P. I don’t see how such a tiered system is technically feasible, but I would love it if anyone can point me to references that explain how it can be done.

Kiff pointed me to the Bank of Canada, which in a couple of staff notes discusses the concept of a “universal access device” that apparently aims to do this. But I have not been able to find the technical details about the device and the way the staff notes discuss it, it does not seem to me that they contemplate it to offer CBDC payments that are as anonymous as cash. I would appreciate any light anyone might be able to shed on this scheme.

Finally, if it is indeed the case that a CBDC cannot be engineered to be as anonymous as cash for certain transactions but not for others, then what central banks will have is a choice between a CBDC that is completely anonymous or not. One that is electronic cash and one that is not. One that presents the same kinds of risks as physical cash does today, and one that tries to avoid them by curtailing the privacy and autonomy of individuals. Choosing between these is a conversation that should be had out in the open.