Retail CBDCs at a Crossroads: IMF Highlights Urgent Integrity Risks and Policy Gaps

The International Monetary Fund’s Fintech Note “Financial Integrity Implications of Retail Central Bank Digital Currencies (rCBDCs)”, drawing on research from the IMF Legal Department, the FATF Secretariat, the Bank of England, the Financial Intelligence Unit of Latvia, and academic contributors, warns that state-issued digital currencies could profoundly reshape how the world combats illicit finance. Even at this early stage, cases such as criminal abuse of China’s digital yuan demonstrate that rCBDCs are not immune to money laundering or terrorist financing risks. As dozens of central banks test and pilot new forms of digital legal tender, the report positions itself as both guidance and caution for policymakers navigating largely uncharted terrain.

Design Choices That Shape Financial Integrity Risks

The Note underscores that rCBDCs aimed at everyday consumers present far more complex AML/CFT challenges than wholesale CBDCs used by banks. The integrity profile of any CBDC is shaped by choices such as whether it is token-based or account-based, centralized or decentralized, and distributed through direct or intermediated models. Token-based systems mimic the anonymity of cash and therefore carry the highest inherent risks. Fully decentralized or permissionless platforms may also limit a central bank’s ability to freeze, reverse, or monitor transactions. Conversely, highly centralized models place heavy operational and compliance burdens on central banks, potentially pulling them into unfamiliar roles that stretch their mandates and raise questions about governance and independence.

Navigating FATF Standards in a Digital Currency World

A central focus of the Note is how the Financial Action Task Force Standards, long the backbone of global AML/CFT frameworks, apply to rCBDCs. Policymakers are urged to conduct forward-looking risk assessments before launching any CBDC, given that Recommendation 1 requires jurisdictions to identify and mitigate risks posed by new products and technologies. Some design features could strengthen integrity by improving traceability, while others, such as privacy-preserving tools, pseudonymous wallets, and offline functionality, risk creating blind spots that impede suspicious-transaction detection. Offline wallets are particularly problematic because transactions may not immediately sync with the ledger; they could temporarily resemble digital bearer instruments, delaying detection of criminal activity.

The Challenge of Customer Due Diligence and Data Governance

Customer due diligence emerges as one of the most debated issues in CBDC design. Several jurisdictions are considering tiered wallets that allow low-value users to transact with minimal identification. The IMF warns that such simplifications must be strictly risk-based and supported by caps on value, velocity, and allowable use cases. Even the simplest tier, it argues, should require at least a self-declared name. Without careful calibration, rCBDCs risk inadvertently eliminating remaining spaces for legitimate low-value transactions outside the AML/CFT net, spaces currently filled by cash. Record-keeping responsibilities also shift dramatically depending on the model. Direct CBDC systems require central banks to store and manage user information, raising privacy concerns and exposing tensions between data immutability on distributed ledgers and legal requirements such as the “right to be forgotten.”

Opportunities and Unresolved Global Challenges

Despite the risks, the Note highlights substantial opportunities. Unified rCBDC ledgers could enhance transaction monitoring, strengthen supervisory efficiency, and reduce redundancies in customer data collection. Programmable compliance, embedding AML/CFT rules into smart contracts, could automate some obligations. But these innovations remain speculative and depend on strong underlying data quality; without it, automation may simply amplify existing flaws. The report also warns that new supervisory pressures may threaten central bank independence if they become AML/CFT-obliged entities subject to oversight and sanctions. Cross-border CBDCs introduce even greater complexity, raising the risk of regulatory arbitrage and fragmented enforcement unless countries coordinate their regimes.

The Note concludes that rCBDCs do not operate in isolation. Any weaknesses in a country’s existing AML/CFT framework will persist, and may deepen, once digital money is introduced. Policymakers must therefore strengthen institutional foundations before rollout. rCBDCs hold the promise to enhance transparency and modernize payments, but they could just as easily become high-speed channels for illicit finance if poorly implemented. The global financial system stands at a pivotal juncture: whether rCBDCs deliver integrity gains or integrity vulnerabilities will depend on how effectively countries balance innovation with rigorous, forward-looking governance.