The Federal Reserve in January published a paper defining central bank digital currencies (CBDCs) “as a digital liability of a central bank that is widely available to the general public. In this respect, it is analogous to a digital form of paper money.”
The Fed is soliciting comments from the public and stakeholders by May 20 on CBDC questions in two categories: CBDC benefits, risks, and policy considerations; and CBDC design.
Once upon a time, the Fed managed a paper check system which required the actual paper checks to be delivered to check processing centers, which in 2022 is difficult to imagine. Of course, moving paper checks around the U.S. seems weird in the current internet age. In 2022, many businesses are moving to blockchain systems for private-sector financial products, supply chains, and services including cryptocurrencies.
The Fed is the central bank of the U.S. and its key functions include conducting “the nation’s monetary policy to promote maximum employment and stable prices in the U.S. economy.” You may be asking why the Fed has taken so long to get into CBDC, but that is not important. What is important is that here is an opportunity for stakeholders to influence CBDC.
Digital Currencies Are Becoming Prevalent
Unregulated digital currencies like Bitcoin are in use around the world, and some countries including Russia and El Salvador are now adopting Bitcoin and other digital currencies as legal tender for many reasons. Probably the most important reason is that there are an estimated 2 billion people on earth who do not have access to banks.
Of course, the Fed is concerned about unregulated decentralized finance (DeFi). On Nov. 9, 2021, SEC Commissioner Caroline A. Crenshaw defined DeFi as: “In general...it is an effort to replicate functions of our traditional finance systems through the use of blockchain-based smart contracts that are composable, interoperable, and open source.”
Major Cyber Risk to DeFi and CBDC
Many businesses around the world rely on cloud computing, and all digital currencies rely on the cloud somewhere. As a result, there is great risk from cybercriminals.
So, it is important that stakeholders provide comments to question No. 13: “How could a CBDC be designed to foster operational and cyber resiliency? What operational or cyber risks might be unavoidable?”
Over the years, when speaking around the country, I have asked for a poll of my audiences and I have found that 99% of people fail to read online terms of service, click agreements, and privacy policies, which means no one ever takes the time to study the online contract cloud agreements. So, it would not come as a surprise that most standard unnegotiated cloud terms of service specifically put the burden of cybersecurity on the customer.
For example, the AWS customer agreement states:
4.3 Your Security and Backup. You are responsible for properly configuring and using the Service Offerings and otherwise taking appropriate action to secure, protect and backup your accounts and Your Content in a manner that will provide appropriate security and protection, which might include use of encryption to protect Your Content from unauthorized access and routinely archiving Your Content. [emphasis added]
Many readers will feel better to know that cloud providers adhere to cybersecurity audit standards from the American Institute of Certified Public Accountants (AICPA) and/or the International Standards Organization (ISO) which issue reports known as system and organization controls (SOC) and ISO 27001.
As a result, cloud providers make these SOC and ISO audit reports available to give insight into the cybersecurity of their services. However, as the Fed points out about the risk of using internet-based CBDC: “Many digital payments today cannot be executed during natural disasters or other large disruptions and affected areas must rely on in-person cash transactions. Central banks are currently researching whether offline CBDC payment options would be feasible.”
So, what happens if cybercriminals attack electric utilities? We live in a time of great risk, obviously. To deal with these cybercriminal risks with public utilities, the Federal Reserve has pointed out that the Federal Reserve Bank of Atlanta “is collaborating with Georgia State University and its Evidence-Based Cybersecurity Research Group on using darknet data to reduce fraud.”
A number of international cybersecurity researchers have indicated that public utilities are the highest risk targets, and assuming this is true, it is critical that the Federal Reserve understand the risks and concerns regarding how to manage CBDC.
Should CBDC Be Legal Tender?
Another important question asked by the Fed is topic question No. 14: Should a CBDC be legal tender?
Just for the sake of clarity, the report defines legal tender as follows: “U.S. law specifically designates U.S. coins and currency (including Federal Reserve notes) as legal tender, ‘for all debts, public charges, taxes, and dues.’ 31 U.S.C. 5103.”
The question raised about CBDC being legal tender indicates that the Federal Reserve is anticipating CBDC to be recognized as legal tender given the current world economy, growth of digital currencies, and DeFi.
This article does not necessarily reflect the opinion of The Bureau of National Affairs, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.
Peter Vogel is of counsel, a litigation lawyer, arbitrator, mediator, and special master at Foley & Lardner. He is a member of the firm’s Privacy, Security & Information Management and Technology Transactions & Outsourcing practices, as well as a member of Foley’s blockchain task force and NFT task force.