CBDCs Will Be a Regulation Nightmare – Experts Talk Compliance

Why Trust Techopedia Crypto

Money is changing. The possibilities allowed by programmable money have yet to surface deeply, but they are already happening in decentralized finance, and TradFi is taking its first steps into the water.

But it is among the most controversial aspects of digital currency design, especially as governments and central banks explore the adoption of central bank digital currencies (CBDCs).

Let’s take, for instance, a government-backed benefits scheme that distributes money — but enforces, by code, that the money is only used on certain products or services. Is that a good thing? A bad thing? It’s possible to argue the case in both directions.

Techopedia explores the pros and cons of programmable money and how it may need its own laws as it changes the landscape of money.

Key Takeaways

  • The revolution of money is coming — programmable money, enabled by smart contracts, is going to open a lot of questions.
  • Programmable money streamlines processes for financial institutions, particularly in AML and KYC requirements.
  • However, it triggers debates over privacy infringement and individual freedom — with governments and even individual U.S. states having vastly conflicting opinions.
  • While some see programmability as beneficial for targeted benefits and promotions, others fear government surveillance and control.
  • Privacy-enhancing technologies, like zero-knowledge proofs, are proposed solutions, but there is still plenty to figure out.

Programmability as a Compliance Tool

As Nancy Cheng, Principal, Strategic Planning and Corporate Development at Hang Seng Bank, put it at the recent Digital Economy Summit in Hong Kong:

“This is one of the most important features that a CBDC could offer to the industry, in which we could build smart contracts with CBDC transactions, and we could build in the predefined conditions in every transaction.”

The distinction between different types of programmability is significant: Programmable payments are transactions that execute automatically based on predefined conditions, whereas programmable money refers to digital currency that is embedded with specific properties and rules — coded into smart contracts — which determine how it can be spent and who can use it.


For example, in supply chain transactions, a programmable CBDC could facilitate the completion of settlement only when certain conditions are met according to the contracts and trigger penalties if there is any non-compliance in the transactions.

Cheng noted: “Overall, this can improve the efficiency of international trade finance and at the same time help the bank to improve risk management.”

Programmability can also help financial institutions to re-engineer internal processes to make them more transparent and efficient in meeting compliance requirements, said Dayong Zhang, Chief Commercial Officer at Hashkey Group, which is participating in Hong Kong’s CBDC pilot projects.

Developers can encode regulatory requirements into programmable money directly to automate compliance checks. This can enable banks and payment firms to enforce anti-money laundering (AML) and know-your-customer (KYC) requirements, and reduces the need for time-consuming and costly manual intervention.

Zhang said:

“People will know where your money is, what is happening and also all those risk controls, such as AML [controls] will give everybody a mutual view of what is happening. This will also reduce the cost of the movement of assets and money transfer.”

Financial service providers can therefore share information from programmable digital currencies and tokens automatically to help detect money laundering, terrorism financing and other illegal activity.

In something that is both an opportunity and a threat, regulators can set detailed rules for the use of programmable money, restricting certain transactions or imposing time-based conditions.

Programmable money can be used for dynamic risk management, by embedding risk parameters into smart contracts that can adjust transaction limits based on profiles.

This can make it easier to comply with audits and legal investigations by providing enhanced, real-time traceability. By verifying the identity of parties involved in a transaction or ensuring that funds are only released once certain conditions are met, smart contracts can reduce the risk of fraud and non-compliance by eliminating the need for intermediaries and increasing security.

One of the primary applications for CBDCs is cross-border payments – in part because programmable money can automate compliance checks as well as currency conversion and payment settlement.

“A CBDC is not just a token, it’s more like infrastructure; with its smart contract and programmable attributes it will give financial institutions more power, more possibilities to build different kinds of innovative digital assets,” Zhang said.

However, programmability has become a contentious issue as it can infringe on individual users’ rights, and compliance with privacy law.

How Programmability Raises Privacy Concerns

In the U.S., opposition to a CBDC is growing, primarily on the grounds that it would increase the government’s ability to track financial transactions and control an individual’s access to money or certain types of transactions.

The state of Nebraska is the latest to pass anti-CBDC legislation, with the governor signing a law on April 25 defining money as coins and paper and specifying that “money does not include central bank digital currency”.

“A main concern with the implementation of a CBDC is the invasion of financial privacy and personal freedom,” said Nebraska State Senator Rob Clements in testimony earlier this year.

“A CBDC with a central ledger would allow the government to see all transactions by citizens. It could be used to greatly expand surveillance by putting our financial records on government databases. A CBDC would also present the opportunity for the government to control the availability of finances based on social credit scores.”

Tennessee, North Carolina, Florida, South Dakota, and Indiana have also advanced or signed into law legislation containing “anti-CBDC language”.

A bi-partisan American Privacy Rights Act was introduced to the House of Representatives and the Senate in April that would set clear national data privacy rights, much like the EU’s General Data Protection Regulation (GDPR), which would also be at odds with the idea of programming currency to trace transactions or direct how money can be spent.

The People’s Bank of China’s digital yuan pilot has made use of programmability of money, allowing some merchants to offer special promotions to customers based on their spending. However, central banks such as the European Central Bank and the Bank of England, have said that legislators should clearly specify in law that their CBDCs will not include programmability of money.

Meanwhile, the Central Bank of the Republic of Turkey, currently in the second phase of its CBDC pilot, is exploring programmable payments for the digital lira and not the programmability of money. And countries like India are experimenting with a measure of programmability so that CBDC money allocated for a specific use will not be repurposed.

The Reserve Bank of India (RBI) has proposed using programmability to facilitate transactions for targeted purposes, such as ensuring citizens can only use government benefit payments for specific purchases, or businesses defining employee expenditure.

This does not change the fungibility of the currency, but uses the digital format to introduce new functionality, RBI governor Shaktikanta Das said.

“We should be open about our CBDC design,” said Professor Man Ho Allen Au of the Department of Computing at The Hong Kong Polytechnic University, a member of Hong Kong’s CBDC expert working group, at the Digital Economy Summit.

“Privacy-enhancing technology should be strategically integrated with the design of the CBDC, not just something that is added afterward.”

The Hong Kong Monetary Authority’s working group is exploring “how can we build CBDC with privacy by design so that on the one hand we can verify the integrity of the transaction and at the same time still respect the privacy of the individual users.”

Privacy-enhancing technology includes the use of pseudonyms and advanced cryptographic techniques, such as zero-knowledge proofs (ZKPs) and multiparty computation, to support transaction verification without revealing users’ personal details.

Au said the challenge is determining whether these will affect performance, whether they will be compatible with different CBDC architectures, and whether they will work well with compliance requirements.

The Bottom Line

Programmability provides ways in which the use of digital currency can help financial firms to comply with regulatory requirements, such as AML and KYC, in a more efficient, transparent, and cost-effective way. But it also raises concerns about compliance with privacy and personal data protection laws.

As governments continue to explore CBDCs, questions surrounding compliance and privacy will need to be answered for their use to become widespread.


Related Reading

Related Terms

Nicole Willing
Technology Journalist
Nicole Willing
Technology Journalist

Nicole is a professional journalist with 20 years of experience in writing and editing. Her expertise spans both the tech and financial industries. She has developed expertise in covering commodity, equity, and cryptocurrency markets, as well as the latest trends across the technology sector, from semiconductors to electric vehicles. She holds a degree in Journalism from City University, London. Having embraced the digital nomad lifestyle, she can usually be found on the beach brushing sand out of her keyboard in between snorkeling trips.