The following Laws and Regulations governing Privacy, Money Laundering, Terrorism, and Financials apply in the U.S. and need to be part of any DIDO solution concerned with currency, money, financials, or cryptocurrencies. Often these Laws and Regulations are considered obstacles or barriers to innovation, but each law or regulation is developed in response to some situation that occurred in the past. To prevent a “modern” repeat of these situations, the laws and regulations should be upgraded, not ignored or overturned.
Some of these Laws, Regulations and Authorities have general applicability to DIDOs when the data stored within the DIDO refers to Personally Identifiable Information (PII) and is therefore subject to the tenets of privacy. See Right to Privacy.
Some Laws, Regulations, and Authorities are relevant to DIDO when the DIDO is considered a Financial Instrument or a Security. Certain Cryptocurrencies and Initial Coin Offerings (ICOs) may be found to meet the definition of an “investment contract” under the Howey Test, in which the U.S. Supreme Court ruling determined that an Investment Contract must:
Table 1 summarizes the number of Laws and Regulations covering National Security Considerations. The total number (i.e., 44) indicates the complexity of National Security issues that confront the CBDC. The more Laws and Regulations, the more effort to coordinate the CBDC efforts and work with the Legislative and Executive Branches to keep the Laws and Regulations current with CBDC efforts.
National Security Consideration | No. of Laws and Regulations |
---|---|
Human Trafficking | 14 |
Drug Trafficking | 9 |
Corruption | 10 |
Money Laundering | 11 |
Total | 44 |
National Security Considerations are concerned with: Human Trafficking, Drug Trafficking, Corruption and Money Laundering. These are discussed in more detail in the following subsections:
Category | Desirements |
---|---|
Benefits | B0005, B0052, B0053 |
Policies and Considerations | P0005, P0024, P0028 |
Risks | |
Design | D0013, D0016, D0017 |
B = Benefit, P = Policy, R = Requirement, D = Design.
The “desirements” specified in the White Paper and identified by the OMG's CBDC WG White Paper Analysis as Security Issues are listed in Table 3.
Desirement No. | Desirement Text | Comment |
---|---|---|
B0005 | Protect against criminal activity | Criminal Activity is a broad, extensive topic that requires an understanding of the U.S. Laws and Regulations as well as international treaties and agreements. Within the context of the CBDC, criminal activity can be one or more of the following: |
B0052 | Prevent Financial money laundering crimes | There are already quite a few Laws and Regulations within the U.S. to cover Money Laundering. However, within the context of CBDC, these laws need to be reviewed, updated, or amended to reflect Digital Currency and how it might be used in Criminal Activities. |
B0053 | Provide resiliency to threats to existing payment services—including:
| 1. Operational Disruptions occur when there is a failure in the infrastructure of the CBDC. This implies a compound Non-Functional Requirement that needs to be levied on the CBDC. The following Non-Functional requirements need to be specified for the CBDC:
Note: Although the OMG DIDO-RA provides general definitions for these non-functional requirements, only the Federal Reserve, in conjunction with the CBDC Stakeholders, can define these requirements in terms of the CBDC. This process takes time and there are no shortcuts. It is part of the System Engineering process.
2. Cybersecurity Risks, as with Operational Disruptions, represent a compound non-functional requirement for the CBDC. The following Securability Non-Functional requirements need to be specified for the CBDC:
Securability is also a layered stack: The layers of Security: |
P0005 | Protect against criminal activity |
See |
P0024 | CBDC would need to comply with the U.S. robust rules |
|
P0028 | Require significant international coordination to address issues such as:
| 1. Common Standards: There are lots of “common standards” that can apply to Blockchains. See within each of these sections for a list of applicable standards:
Unfortunately, within the “blockchain” world, there is confusion about what constitutes a standard. Often, if something is Open Source, it is considered a standard. However, often these projects lack the rigor needed to be considered a “standard”. Also, see the discussion in the DIDO RA on Talk Openly Develop Openly (TODO) and look at the DIDO RA definition of a Standards Developing Organization (SDO).
2. Infrastructure:
The CBDC Infrastructure needs to be considered Mission Critical since any loss of functionality could be considered as a threat to survival. This is why the desirements:
3. Types of Intermediaries able to access any new infrastructure:
4. Legal Frameworks: There are already legal frameworks in place to handle:
Although these frameworks were developed without a CBDC, they already “comply with the United States are subject to robust rules” and are continuously being reviewed, updated, and amended based on new information obtained from the field. As part of this process, these frameworks need to add to the existing frameworks rather than create new frameworks.
5. Preventing Illicit Transactions: There are two areas within the existing legal frameworks covering Illicit transactions:
Although these frameworks were developed without a CBDC, they already “comply with the United States are subject to robust rules” and are continuously being reviewed, updated, and amended based on new information obtained from the field. As part of this process, these frameworks need to add to the existing frameworks rather than create new frameworks.
6. Cost and Timing of Implementation:
The CBDC is a complex issue that, once released, could have a life expectancy of many, many years. Only through extensive Systems Analysis, Engineering, Design, and Testing will CBDC have the stability it needs to instill confidence in the public ( |
D0013 | Design should facilitate compliance with a robust set of rules already intended to combat
|
1. Money Laundering:
There are roughly The CBDC must at least start from the same place as the existing systems with as many of the rules in place as possible in order to prevent the entire system from imploding. It also needs to assess the current sets of Laws and Regulations to determine if there are required updates or amendments that need to be made before the CBDC can “go live”.
2. Financing of Terrorism: The main way to finance terrorism is to engage in Financial Crimes. There are four main areas of Financial Crimes used to fund terrorism:
The U.S. and much of the rest of the world have developed extensive systems of Laws and Regulations to combat these crimes and the design of the CBDC should use and leverage these existing systems rather than try to build something new.
3. Customer Due Diligence: There are two main tools of the Anti-Money Laundering (AML):
Both of these are well understood and documented in the existing system by Intermediaries. Regardless of the Currency Model used for the CBDC (i.e., Digital Cash Model or Digital Account Model), it should embrace these existing sets of tools and adapt them as need be.
4. Record Keeping: Under the US Patriot Act, Title III: Anti-money-laundering to prevent terrorism of 2001, Title III facilitates the prevention, detection, and prosecution of international money laundering and the financing of terrorism. The Second Subtitle attempts to improve communication between law enforcement agencies and financial institutions, as well as expanding record-keeping and reporting requirements. Also, under the definition of Financial Crimes provided by the Federal Reserve, financial institutions must comply with a robust set of rules that are designed to combat Financial Crimes. These rules include Customer Due Diligence, record keeping, and reporting requirements. Therefore, the CBDC should rely on the existing Intermediaries to help provide well-documented, tried, and true Record Keeping. Blockchain Technology may help alleviate some of the record-keeping responsibilities, but the blocks must include enough information to support record-keeping and reporting requirements.
5. Reporting Requirements: See number 6 above. |
D0016 | Design should include offline capabilities to help with operational resilience of the payment system | |
D0017 | Design should include digital payments in areas suffering from large disruption, such as natural disasters | |
B = Benefit Considerations
P = Policy Considerations
R = Risk Considerations
D = Design Considerations