VoxEU Column

CBDC architectures, the financial system, and the central bank of the future

Major central banks are increasingly considering a digital currency available to the general public. But what are the advantages of doing so in the light of generally well working private sector payment solutions? This column discusses the range of proposed central bank digital currency architectures, how they could complement existing payment options, and what they imply for the financial system and central bank of the future.

A retail central bank digital currency (CBDC) is electronic central bank money that – just like cash – is directly available to consumers and non-financial corporations. The question of whether central banks should issue a retail CBDC is attracting increasing attention. Surveys indicate that 80% of central banks are engaging in work on the topic (Barotini and Holden 2019, Boar et al. 2020) and over 30 central banks have already launched research or design reports (see a companion Vox column here, as well as Kiff et al. 2020 and Group of Central Banks 2020).

But what are the specific problems that such a retail CBDC would address? What are the designs that offer actual solutions? And what are the potential side effects for the monetary and financial system in general, and central banks in particular? In this column, after briefly revisiting the motives for CBDC issuance, we examine which CBDC architectures can complement existing payment options without adverse side effects for the monetary and financial system. Our argument is based on the CBDC design framework of Auer and Böhme (2020a) and an evaluation of current approaches in the field of computer science (Auer and Böhme 2020b).

The key consideration for issuing a retail CBDC is that current electronic retail money represents a claim on an intermediary, rather than functioning as the digital equivalent of cash (Figure 1). This raises several issues, as the intermediary might run into insolvency, be fraudulent, or suffer technical outages.

Figure 1 Cash vs electronic money in today’s two-tier monetary system     

Notes: Cash is a direct claim on the central bank, while deposit accounts are claims on the commercial bank. Commercial banks back some of these claims by holding reserves at the central bank, but such value backing is never full. A CBDC that is unaffected by financial crisis must be a cash-like direct claim on the central bank.
Source: adapted from Auer and Böhme (2020b).

CBDC design efforts have to be viewed against the backdrop of central banks’ core mandate to provide a resilient and universally accepted means of payment. For centuries, this has been cash; but should cash no longer be generally accepted, not everyone might have access to an easy payment means,1 and a severe financial crisis might disrupt day-to-day business.2 The collapse of Wirecard and the ensuing impairment of some electronic payment options foreshadows the importance of this concern. 

Looking ahead, a main concern is that in a cashless economy, a financial crisis could create havoc by leading to situations in which some financial institutions have to freeze their retail clients’ deposits, thus impairing the ability of these clients to pay their bills. The Covid-19 pandemic raised concerns that cash can transmit pathogens, leading some merchants not to accept it (Auer et al. 2020b).

At the same time, a CBDC should by no means displace the private sector. One aspect – discussed at length elsewhere (e.g. Brunnermeier and Niepelt 2019, Fernández-Villaverde et al. 2020)3 – concerns balance sheet concerns. The economic design of a CBDC should not lead to a massive reallocation of funds away from commercial banks and to the central bank. 

A second – less discussed, but maybe even more important – aspect is the operational dimension and effectiveness of the payment system. The customer-facing side of real-time payments – including clearing, onboarding, enforcement of know-your-customer legislation, ongoing due diligence, dispute resolution and related services – are a massive operational task. This task is likely better handled by the private sector than the central bank.

These considerations bring to the fore the issue of how a CBDC can live up to central banks’ mandate to provide a universal means of payment for the digital era, while at the same time giving the private sector the primary role in the retail payment system. Only some of the numerous proposed CBDC architectures can achieve this feat.

CBDC architectures and the payment system

Figure 2 gives an overview of possible architectures for CBDCs and the alternative of a narrow payments bank. These examples differ in terms of the structure of legal claims and the record kept by the central bank.4

Consider first the most radical departure from the existing system: a single-tier design operated by the central bank, which we term the “direct CBDC” (top panel of Figure 2). Here, the central bank operates the retail ledger. As a result, the central bank server is involved in all payments. This requires substantial technical infrastructure to offer headroom capacity even during peak demand. On the upside, the system is very resilient as the central bank’s complete knowledge of retail account balances allows it to honour claims with ease – the information needed for verification is readily available. 

The most substantial argument against this architecture is that it marginalises private sector involvement. Intermediaries help to smooth the flow of payments by taking on risk, for example during connectivity breaks or offline payments.5 Also, an emerging fintech sector innovates with value-added services, such as automated financial advice, integration with consumer platforms and connection to other financial products like consumer credit. It is unlikely that the central bank would wish to substitute for the private sector in all these activities.

In contrast, consider an alternative to issuing retail CBDC: the simple requirement to fully back payment accounts with reserves at the central bank (bottom panel of Figure 2). This proposal has been floated under many names; here we follow Auer and Böhme (2020a) and term it the “indirect” architecture.6 This model’s regulatory and supervisory issues, as well as those pertaining to deposit insurance, are different from those of a CBDC with direct claims. If the intermediary is under financial stress and goes bankrupt, determining the legitimate owner might involve lengthy and costly legal processes with uncertain outcomes. Whereas full backing would likely mean that such episodes occur infrequently, the recent example of Wirecard underlines that these concerns have to be taken seriously.

Figure 2 Retail CBDC architectures and fully backed alternatives     

Notes: A retail CBDC allows consumers to hold a direct claim on the central bank. In the “Direct CBDC” model (top panel), the central bank handles all payments in real time and thus keeps a record of all retail holdings. Hybrid CBDC architectures (middle panel) incorporate a two-tier structure with direct claims on the central bank while real-time payments are handled by intermediaries. Several variants of the hybrid architecture can be envisioned. The central bank could either retain a copy of all retail CBDC holdings (upper variant in the middle panel), or only run a wholesale ledger (lower variant in the middle panel). An alternative to retail CBDC architectures are fully backed payment accounts that feature intermediaries who need to fully back payment account holdings at the central bank (bottom panel).
Source: adapted from Auer and Böhme (2020a).

On balance, we thus argue that the most interesting design space combines the credibility of a direct claim on the central bank with the convenience of private-sector payment services. This architecture is called “hybrid CBDC” in Auer and Böhme (2020a). A key element is the legal framework that underpins claims and keeps them segregated from the balance sheets of the payment service providers (PSPs). This way, in the event of PSP insolvency, consumers’ CBDC holdings would not be exposed to claims by the PSP’s creditors.

This segregation is the most important pillar for the credibility of the system. However, if a PSP fails – financially or technically – there must be a way for the central bank to unambiguously honour claims and, ideally, resume payments for the failing PSP’s customers without much delay. This capability depends on the information about retail accounts available to the central bank in such an event. 

We note that there are several possible implementations of a hybrid architecture. These offer a number of variants that trade off information needs of the central bank against convenience and resilience considerations. This is illustrated by two variants in Figure 2. In the first (upper variant in the middle panel of Figure 2), the central bank does not operate retail payments, but maintains a backup copy of balances which allows it to restart payment should intermediaries run into insolvency or technical outages. 

Some central banks might shy away from running a record of all retail data, for example due to issues with privacy and data security (e.g. Powell 2019). Therefore, the second variant of the hybrid CBDC (lower variant in the middle panel of Figure 2) could be considered as “fully intermediated” in the information structure as the central bank records wholesale balances only.7 However, the downside of an intermediated CBDC architecture is that the central bank needs to honour claims of which it has no record. Consequently, to safeguard cash-like credibility, PSPs would need close supervision to ensure at all times that the wholesale holdings they communicate to the central bank indeed add up to the sum of all retail accounts.

Stepping up: Payments and the central bank of the future

As central banks play a key role in payment systems, both the declining use of cash and related private sector developments may require them to step up and take a more active role (Carstens 2020). If a central bank were to issue a CBDC, it might opt to – but would not have to – operate any of the communication and record-keeping infrastructure. However, record-keeping, integrity protection and establishment of the necessary level of consistency can also be delegated to the private sector, which might either be allowed to use proprietary technology or be required to run open protocols specified by a standardisation body.

The need for technical supervision emerges as soon as the central bank is shielded from some retail transactions, which a fraudulent or technically compromised PSP could use to appropriate customer funds. Maximum supervision is required when the central bank has the conceivable minimum information set. Payment supervision must happen at a high frequency – perhaps even in real time. It must put aspects like data consistency, cyber security and privacy at centre stage.8

All this pinpoints a novel trade-off for central banks in the digital era: they can operate either complex technical infrastructures or complex supervisory regimes. There are many ways to do so, but all will require the central bank to develop substantial technological expertise.

Authors’ note: The views expressed in this column are those of the authors and do not necessarily reflect those of the Bank for International Settlements. We thank Stijn Claessens, Giulio Cornelli, Jon Frost, Antonio Fatas, and Leonardo Gambacorta for comments and suggestions.


Armelius, H, G Guibourg, S Johansson and J Schmalholz (2020), “E-krona design models: pros, cons and trade-offs”, Sveriges Riksbank Economic Review, June: 80–96. 

Auer, R and R Boehme (2020a), “The technology of retail central bank digital currency”, BIS Quarterly Review, March: 85-100.

Auer, R and R Boehme (2020b), “Central bank digital currency: the quest for minimally invasive technology”, BIS working papers, forthcoming.

Auer, R, G Cornelli and J Frost (2020a), “Rise of the central bank digital currencies: drivers, approaches and technologies”, CEPR Discussion Paper 15363.

Auer, R, G Cornelli and J Frost (2020b), “Covid-19, cash and the future of payments”, BIS Bulletin No. 3, April. 

Auer, R, J Frost, T Lammer, T Rice and A Wadsworth (2020c), “Inclusive payments for the post-pandemic world”, SUERF Policy Note No 193.

Bank for International Settlements (BIS) (2020), “Central banks and payments in the digital era”, BIS Annual Economic Report, Chapter III, June. 

Barontini, C and H Holden (2019), “Proceeding with caution – a survey on central bank digital currency”, BIS Papers No 101, January

Bindseil, U (2020), “Tiered CBDC and the financial system”, ECB Working Paper No. 2351.

Boar, C, H Holden and A Wadsworth (2020), “Impending arrival – a sequel to the survey on central bank digital currency”, BIS Papers No. 107, January.

Brunnermeier, M and D Niepelt (2019), “On the equivalence of private and public money”, Journal of Monetary Economics 106: 27–41.

Carstens, A (2020), “Shaping the future of payments”, BIS Quarterly Review, March: 17–20.

Fernández-Villaverde, J, D Sanches, L Schilling, and H Uhlig (2020): “Central bank digital currency: central banking for all?”, Becker Friedman Institute for Economics Working Paper No. 2020-04, University of Chicago.

Group of Central Banks (2020), Central bank digital currencies: foundational principles and core features. 

Kiff, J, J Alwazir, S Davidovic, A Farias, A Khan, T Khiaonarong, M Malaika, H Monroe,  N Sugimoto, H Tourpe, and P Zhou (2020),“A survey of research on retail central bank digital currency”, IMF Working Paper No. 20/104.

Powell, J (2019), “Letter to Congressman French Hill”, 19 November. 

Sveriges Riksbank (2019), “The Riksbank proposes a review of the concept of legal tender”, press release.

Sveriges Riksbank (2020), “The Riksbank’s e-krona pilot”, February.


1 Promoting inclusion would require low technical access hurdles for the CBDC. Multiple interfaces and physical payment tokens, prepaid CBDC cards or dedicated universal access devices should be considered, with user-friendly options for children, seniors, and groups with special needs, such as the visually impaired (Auer et al. 2020).

2 In Sweden, where cash use has already declined substantially, considerations along these lines have led the central bank to propose a review of the concept of legal tender (Sveriges Riksbank 2019).

3 One solution for such concerns is to remunerate CBDC holdings at a lower interest rate than that on commercial bank deposits. In the same vein, remuneration could be tiered, with CBDC balances below a given level earning a positive interest rate and those above earning a lower interest rate, or even a penalty negative interest rate (Bindseil 2020).

4 All four architectures could be either account- or token-based, and might run on various infrastructures. These choices are discussed in Auer and Böhme (2020a).

5 Importantly, it is the customer relationship – based on credit information – that allows the intermediary to accept such risks. Unless a central bank were to take on responsibility for credit information and customer due diligence – which would require a massive expansion of operations, well beyond existing mandates – it would find it difficult to provide this service.

6 Adrian and Mancini-Griffoli (2019) term this architecture “synthetic CBDC.” As it does not offer consumers a direct claim on the central bank, but one on an intermediary, some central banks have argued that it does not warrant the “CBDC” label (ie Group of central banks (2020)).

7 Such an architecture is similar to the one referred to as “decentralized solutions with intermediaries” in Armelius et al. (2020). The central bank would not maintain the full record of retail transactions. This could release the central bank from the duty to oversee anti-money laundering/combating the financing of terrorism (AML/CFT) risks and also reduce some operational risks for the central bank (such as the attractiveness of the central bank as a target for cyber attacks).

8 Importantly, this supervision is different to conventional banking supervision, which chiefly concerns the integrity of accounting. Recall that the direct claim nature of CBDC keeps PSPs’ balance sheets out of the loop, but the information in their record-keeping systems is crucial.

15,748 Reads