News reaction: Bank for International Settlements (BIS) publishes Project Polaris outputs focusing on ‘secure and resilient’ CBDC systems

We are living in an increasingly digital world and with a growing dependency on online payment systems which can be impacted by system outages, cyber-attacks, and natural disasters, Central Bank Digital Currencies (CBDCs) are being actively considered by major economies across the globe.

CBDCs could provide a range of benefits to users, from financial inclusion to digital payment alternatives for those unable to use mainstream options, but they also present resilience and security challenges and considerations that must be addressed if they are to become a sustainable form of currency.

Project Polaris is a newly published framework from the Bank of International Settlements (BIS), an international financial institution owned and governed by central banks. The new framework focuses on designing “secure and resilient CBDC systems, offline and online”, allowing national banks to secure our connected future through improving the resilience of payment systems and providing backup in times of crisis.

In the framework, escrow has been highlighted as a pivotal step for secure and resilient CBDC systems with central banks urged to ‘prepare’ in the earliest stage possible, setting escrow as a resilience baseline for all global CBDC’s moving forward.

“The central bank's CBDC service continuity plan includes exit strategies to maintain the CBDC system's operational resilience in the event of a failure or disruption at a third party impacting the CBDC system's operations, which should include escrowing the third party's software source code and other artifacts that can be used to reconstruct the software, where applicable.”

On the inclusion of technology escrow within the new guidelines, Wayne Scott, Regulatory Compliance Solutions Lead for the Software Resilience division of NCC said:

“It is wonderful to see the Bank of International Settlements continuing the global regulatory trend of naming technology escrow a vital component of the resilience planning for global CBDCs.

“CBDCs have the potential to revolutionize the global payments system rapidly and it is paramount to ensure that the technology behind the CBDCs remains available even if the suppliers fail.

“Setting a resilience baseline that protects CBDC from the non-cyber related risks of supplier failure, service deterioration and concentration risk puts these projects on firm footing to go forward with confidence.”

Jon Renshaw, Deputy Director of Commercial Research comments:

“The Project Polaris reports from BIS are useful and practical contributions to the developments in CBDC. The security and resilience framework gives central banks a framework built on best practice, and in familiar language, but tailored to some of the unique cyber security challenges in CBDC.

“Particular highlights include the recognition that central banks will need to develop new competencies to understand and run this new type of system securely, clear guidance on recommended security maturity at various stages of deployment, and a new set of control objectives specific to CBDC.”