key: cord-0547674-g154fekk authors: Goodell, Geoffrey; Al-Nakib, Hazem Danny; Tasca, Paolo title: Digital Currency and Economic Crises: Helping States Respond date: 2020-06-04 journal: nan DOI: nan sha: 409e3d91dd4934bfdba2eeba59cc01ee86a3db81 doc_id: 547674 cord_uid: g154fekk The current crisis, at the time of writing, has had a profound impact on the financial world, introducing the need for creative approaches to revitalising the economy at the micro level as well as the macro level. In this informal analysis and design proposal, we describe how infrastructure for digital assets can serve as a useful monetary and fiscal policy tool and an enabler of existing tools in the future, particularly during crises, while aligning the trajectory of financial technology innovation toward a brighter future. We propose an approach to digital currency that would allow people without banking relationships to transact electronically and privately, including both internet purchases and point-of-sale purchases that are required to be cashless. We also propose an approach to digital currency that would allow for more efficient and transparent clearing and settlement, implementation of monetary and fiscal policy, and management of systemic risk. The digital currency could be implemented as central bank digital currency (CBDC), or it could be issued by the government and collateralised by public funds or Treasury assets. Our proposed architecture allows both manifestations and would be operated by banks and other money services businesses, operating within a framework overseen by government regulators. We argue that now is the time for action to undertake development of such a system, not only because of the current crisis but also in anticipation of future crises resulting from geopolitical risks, the continued globalisation of the digital economy, and the changing value and risks that technology brings. The forced SARS-CoV-2 lockdown stopped a significant share of the real economy activity across the entire world. In retrospect, it might seem that the decision to impose lockdown restrictions was straightforward. However, it is increasingly apparent that restoring the previous level of economic activity will require some sort of stimulus, introducing the question of whether the orthodox instruments of liquidity injection into the financial markets are the right tools. In this article, we consider whether an appropriately designed digital currency would provide a useful alternative during financial and economic downturns. Specifically, we show how digital currency based on distributed ledger technology (DLT) can: • address the problem of resource distribution and allocation, and • reach the real economy directly, to support individuals and businesses most in need of support. We begin by introducing the following taxonomy of public digital currency. On the top level we define the Digital Value Container (DVC), a form of digital asset infrastructure that includes all the forms of public digital currencies issued by the State (either a central bank or the executive and legislative branches of the government) that are part of the macroeconomic tools used to manage or stimulate the economy. DVC can further be segregated into: • Central Bank Digital Currency (CBDC), a fiat-based digital currency issued by the central bank as part of the monetary policy toolbox; and • Fiscal Digital Currency (FDC), an asset-based or fiscal-based digital currency issued by the Treasury as part of the fiscal policy toolbox. We consider the varied and inconsistent nature of economic crises broadly, using the current SARS-CoV-2 crisis as a touchstone. We begin with the consensus that SARS-CoV-2 crisis is not a financial crisis but a healthcare system crisis driven by an exogenous shock and exacerbated by heightened levels of public and private debt, as well as a labour market crisis in the real economy resulting from the response to SARS-CoV-2. We argue that any solution that seeks to address the current situation by resorting only to injection of liquidity into the markets, as if the nature of the crisis were essentially financial, will inevitably be weak and temporary. Banks are stronger now than 10 years ago. Capital requirements are higher, regulation is tighter, and the financial services industry continued to run without discontinuity even during the lockdown. We are not proposing a solution to a pandemic, nor are we proposing that a digital currency is a proportionate response to a pandemic. Rather, we are suggesting that the pandemic exacerbated certain underlying risks and ultimately led to policies that had a particular effect on national and global economies. In light of this, we propose a new tool for fiscal and monetary policymakers thinking beyond the current crisis to future crises, which may be even more difficult to address. In response to the 2008 US subprime credit crisis, the 2008-2009 Global Financial Crisis, and the 2011 sovereign debt crisis, central banks injected a great quantity of liquidity into the markets via unconventional monetary policies which led to near-zero interest rates for commercial and household loans. Indeed, OECD statistics show that aggregate leverage, as measured by the debt-to-equity ratio of financial corporations, increased in 22 of 30 OECD countries between 2006 and 2011 [1] . Paradoxically, the programs used to solve the past financial crisis could turn out to be detrimental for the current crisis. Today's vulnerability does not lie mainly in the financial sector, but in the wide range of indebted companies that will see revenues fall below critical levels. In this paper, we argue that DVC as CBDC or FDC can represent an alternative, measured, and appropriate policy tool that also enables existing policy mechanisms to target companies and people in need, to support long-term continuity and stability. Our proposal is set around creating the infrastructure for cultivating economic activity and exchange in all circumstances while maintaining the privacy of users. Some risks are impossible to detect or even imagine in advance. Disasters such as Hurricane Katrina in 2005, the Deepwater Horizon oil spill in 2010 and the Fukushima nuclear accident in 2011 were unexpected and extremely damaging. Likewise, SARS-CoV-2 belongs to this category of risks that are unknown-unknown: shocks that are unidentified and uncertain, and which might be a consequence or exacerbator of recent policy or existing risks. Who would ever imagine that a virus possibly triggered in a live-animal market of Wuhan would have locked-down entire continents for months? The challenge we face is not only the shock itself but the reaction to the shock. The major obstacle to addressing SARS-CoV-2 is the endogenous risk amplification mechanism that will derive from actions taken as the shock gathered momentum from the endogenous response of people, firms, and governments. The lockdown is damaging the overall economy, and projections for 2020 by the IMF are that both advanced and emerging economies will be in recession with a growth level of -6.1% for the advanced economies and -1.0% for emerging and developing economies 1 [2] . The current shock to the global economy, exacerbated by the SARS-CoV-2 pandemic is more severe, faster, and more multi-faceted than both the Global Financial Crisis and the Great Depression. In both prior periods, unemployment rates soared above 10%, annualized GDP contracted significantly due to deflation, insolvencies skyrocketed, and stock markets collapsed. While those scenarios played out over three years in the previous crises, the current crisis has demonstrated similar attributes over the space of four weeks. 2 Central banks of several countries have maintained a zero or near-zero policy rate to date, and governments around the world have announced (and as of today, partially implemented) massive fiscal stimulus measures to stimulate the economy. Several central banks and governments have recently announced new measures of monetary and fiscal policy, ranging from quantitative easing and various types of asset purchase programmes, such as 200 billion by the Bank of England [7] and over e750 billion by the EU [8] . By quantitative easing (QE), we refer to the central bank conducting asset purchases by printing new money from the private market that is mediated by banks, who then interact with nonbanks, and we mean to implicitly include all of its various forms. 3 Central banks have also cut interest rates that were already low, such as the Bank of England reducing its policy rate by 0.65% to 0.1% [9] and the US Federal Reserve reducing its policy rate to 0-0.25% from 1-1.25% [10] , and governments have implemented direct fiscal stimulus programmes, including over $2 trillion in the US and over $15tn across the G10 countries [11] , each with the aim of stimulating the economy [12] . The parts of the economy that will suffer the most are characterised by millions of self-employed persons as well as small and medium-sized companies, particularly in the tourism and service industries, that will have difficulty remaining in the market, especially in countries with large informalities. Those areas of the economy are more disadvantaged and unprotected as they will not have access to the funds channelled through open market operations led by central banks, and also because they will face gatekeepers, bureaucracy, and other obstacles to accessing funds and financial support imposed by the banking sector. The result is a set of gaps in the global economy that are not covered by existing response mechanisms. To preserve those areas of the real economy, such market participants will need a fast and efficient transfer of in-kind and cash contributions. For this reason, we acknowledge the growing literature on CBDC and extend it by emphasising the potential role of FDC as new policy tool that could be introduced into the toolkit of treasury departments to better support economic, social, and environmental objectives, especially in times of crisis. In contrast to traditional fiscal policy and monetary policy transmission mechanisms, DVC based on distributed ledger technology can offer almost cost-free instant cash transfers where it is needed. A particularly interesting innovation is that DVC can enable programmable money, which introduces a series of features that make DVC a valuable alternative policy tool and payment infrastructure. In line with the above observations, we propose a DLT-enabled digital currency system which has been argued to deliver a variety of economic and operational benefits [13] . In this article, we mainly focus on CBDC rather than FDC, 4 highlighting the most important characteristics of our approach, with the rest being left to policymakers whose objectives are specific to context, timing, and location. IMF research by Tommaso Mancini-Griffoli and others identified a tension in the potential design features of a CBDC [14] , which we recast and sharpen here as a trilemma involving scalability, control, and privacy, of which not all three can be fully achieved at the same time in the context of private ownership and use of money. Bank accounts have near-perfect scalability and control at the expense of privacy. Cash has privacy and a measure of control that limits its scalability. It is difficult to imagine a system with perfect control because it would result in real ownership being meaningless and because there will always be some malfeasance in use. The same is true with perfect privacy because there will always be software bugs and timing attacks as well as limited practical uses, whereas perfect scalability would mean that sufficiently large transactions are not endogenously meaningful or that the system does not truly serve the public interest. Mancini-Griffoli and his co-authors are right in their assessment that anonymity is an important feature of cash, that privacy of transactions is essential, and that the specific design features of CBDC could have a significant impact on financial integrity [14] . Our proposal provides a solution with the flexibility to accommodate the widely-acknowledged requirements and goals of CBDC and which is more akin to cash. Specifically, it delivers a measure of control by restricting peer-to-peer transactions. However, it does not offer the near-total degree of control that seems to be taken as a requirement in some designs [15] , and instead its retail applications are exposed to a corresponding limitation to their scalability, but not one that cannot be overcome by introducing additional control, in limited contexts, outside the operating plane of the ledger. Our system provides a model for modulating the degree of control, allowing government actors to finely tune their choice of trade-offs in the trilemma. For example, it might require that certain (or all) businesses cannot accept payments larger than a certain size without collecting or reporting additional information that limits privacy, or it might require that some individuals or non-financial businesses have a larger or smaller cap on the volume of their withdrawals into private wallets. To draw an analogy, it operates like an automated conveyor belt holding keys that are trying to meet a lock, and if they are the right fit, as determined either at large or on a case-by-case basis, then the transactions take place in an automated way. It is the intrinsic design of our proposal that ensures privacy for its transactions; our design seeks to be private by default. We do not envision privacy as something that can be bolted on to a fully-traceable system (for example, with "anonymity vouchers" [16, 17] ) or that can depend upon the security or protection offered by some third party. Conversely, the features that apply on a case-by-case basis, such as limits to the size of withdrawals to anonymous destinations or limits to the size of remittances into accounts from private sources, that are external to the core architecture and can be managed by policy. In May 2020, Yves Mersch, Vice-Chair of the Supervisory Board and Member of the Executive Board of the European Central Bank, acknowledged the importance and significance of preserving privacy, suggesting that an attempt to reduce the privacy of payments would "inevitably raise social, political and legal issues" [18] . This is important for three reasons. First, no digital currency, token-based or otherwise, would guarantee complete anonymity: consider the potential for timing attacks and software bugs. Even bank notes do not achieve perfect anonymity; consider their serial numbers, and the possibility wherein individual notes can be marked. Nevertheless, we must consider the implications of systems that attempt to force users into payment systems with different anonymity properties and trade-offs in general. Second, we have an opportunity to demonstrate a system that can achieve and deliver a measure of true privacy, in contrast to an assumption that there must be exceptional access, or that privacy is not the starting point but rather something that should be protected by an authority [19] . Such a system, which we describe in Section 3, would constitute an improvement over both the various institutionally supportable digital currency systems that have been proposed to date as well as the various "outside solutions" involving permissionless ledgers that are used in cryptocurrencies such as Zcash and Monero. Third, it demonstrates that privacy is sufficiently important that we should not rush headlong into creating infrastructure, or allowing infrastructure to be created, that might forcibly undermine it. In contrast to data protection, which is about preventing unauthorised use of data following collection, privacy is about preventing individuals (and in some cases businesses) from revealing information about their (legitimate) habits and behaviours in the first instance. As an architectural property, therefore, privacy is a fundamental design feature that cannot be "granted" or "guaranteed" by some authority. In the same statement, Mersch also stressed the importance of the role of the private sector in operating a network for payments: "[D]isintermediation would be economically inefficient and legally untenable. The EU Treaty provides for the ECB to operate in an open market economy, essentially reflecting a policy choice in favour of decentralised market decisions on the optimal allocation of resources. Historical cases of economy-wide resource allocation by central banks are hardly models of efficiency or good service. Furthermore, a retail CBDC would create a disproportionate concentration of power in the central bank." [18] A few months before Mersch's speech, Tao Zhang, Deputy Managing Director of the International Monetary Fund, also offered his opinion on the current set of proposals for CBDC, which he said "imply costs and risks to the central bank" [20] . We argue that his conclusions follow from the proposals that have been elaborated so far by central banks, which have generally involved a central ledger operated by the central bank itself [21, 22] . We suggest that such proposals have been designed neither to be holistic nor to complement the current model of payments, settlement, and clearing that exists today. In contrast, our approach specifically avoids the costs and risks identified by Mersch and Zhang, which we characterise more specifically in Section 3.2, and is broadly complementary to the current system. Zhang also introduced the idea of a "synthetic CBDC" consisting of tokens issued by private-sector banks [20] . We argue that the desirable qualities that Zhang ascribes to synthetic CBDC apply to our proposed solution as well, except that our proposed solution still allows for "real" CBDC and other assets issued directly by the government (such as FDC), although the infrastructure would be operated by private-sector money services businesses (MSBs), which we shall describe in Section 2 and for our purposes comprise both traditional commercial banks and financial institutions as well as new entities that would only have central bank reserves as their assets and whose liabilities would in turn only be deposits. This is an important distinction, and although Zhang provides no specific description of the technical features of synthetic CBDC, we assume that it would not involve a distributed ledger and that it would not be possible to have private transactions, since the private-sector banks would have visibility into the operation and ownership of their own tokens. Finally, we argue that our approach must be token-based, with accounts used peripherally to the token infrastructure and with key design features integrated into the system itself. We specifically disagree with the argument of Bordo and Levin favouring the use of accounts [23] . Specifically, the trust property we seek is intrinsic to the token itself, not to any specific account-granting institution or system operator. We also explicitly state: Trust cannot be manufactured and must be earned. More importantly, we do not create trust by asking for it; we create trust by showing that it is not needed. The approach that we describe in Section 3 addresses this requirement directly. In 2020, local and global, non-digital and digital economies face a milieu of risks preconditioned by the growing levels in sovereign public and private accumulation of debt including liquidity traps within the economy and safety traps related to assets. It is further accentuated by the growing gap between the financial economy and the real economy, the reasons for which we shall not explore here, thus indicating a lacuna in the toolkit of monetary and fiscal policymakers in being able to bridge that gap, particularly where, for example, deposit rates (and rates in general) do not frequently and speedily respond to monetary policy, nor do the behaviour of households and firms [46] . Private household debt in the US is higher than in 2008 [47] , and in the UK it is 15% lower whereas household unsecured debt is at an all-time high [48] . We need to strengthen the monetary and fiscal policy transmission mechanisms with economic stimulus and financial stability mechanisms that are able to reach the real economy. In Section 2.1 we shall argue why and how DVC, in all its derivations as CBDC and FDC, represent an innovative underlying infrastructure that can further enrich the economic stimulus of both monetary and fiscal policies. In the second part 2.2 will continue by stressing on the role and demand for CBDC and Section 3 will propose a new model design for CBDC and FDC. DVC, as CBDC or FDC, represents a genuine risk-free asset which is capable of absorbing macroeconomic shocks and preserve its economic value that could be at the disposal of central banks and governments [49] . Governments and central banks would have a variety of tools available to them to manage their DVC and its impact and be capable of effecting quantity limits, implementing active pricing and collateralising them with sovereign bonds and other assets [50] . This is in addition to creating truly efficient payment infrastructure, which, in combination, can enhance the resilience of the financial system, increase consumer confidence, stimulate the overall economy [51] , and facilitate greater economic interactions with less friction, particularly during times of economic difficulty [52] . Fiscal Policy Transmission Mechanisms. As highlighted in Section 1.1, the post-SARS-CoV-2 world economy will inevitably fall into recession. During recessions, post-Keynesian economists promote the direct intervention of the State in the economy to encourage and sustain the private sector and internal consumption [24] . Historically, the mechanism of economic stimulus split into monetary and fiscal stimulus. Monetary policy is controlled by the central bank which primarily uses tools such as modulating the discount rate, performing open market operations and QE, and adjusting the reserve ratio. In the case of a real-economy shock, monetary stimulus attempts to increase the amount of money and credit in the economy to boost consumption. These mechanisms generally rely upon the traditional banking and payment sectors as channels of transmission of credit or liquidity stimulus. However, in times of shocks to the real economy, the overall expansion of the money supply to influence inflation and growth may have less impact on the real economy. Since the monetary transmission mechanisms mostly rely upon the channel of bank credit to firms, tighter credit supply impairs the transmission of monetary policy to the real economy [25] . No one can prevent a solvent bank from refusing to lend to firms. Indeed, a weakly capitalised bank may improve its solvency metric by cutting credit exposures. Concerning this, the asset purchase programs by central banks of private non-financial securities has been designed to unblock the transmission of accommodating financial conditions through banks to ultimate borrowers [26, 27] . However, those asset purchase programs are generally designed for listed securities which respect the designated selection criteria. For example, the Pandemic Emergency Purchase Program (PEPP) recently put in place by the ECB as a further response to the SARS-CoV-2 crisis sets stringent minimum rating requirements for corporate bonds purchase [28] . As a matter of fact, small and medium-sized enterprises (SMEs, i.e. firms with fewer than 250 employees), self-employed individuals, and households are cut out from these programmes. This is an issue for countries populated by SMEs which, due to their narrow equity base and limited access to credit markets, meet difficulties in finding appropriate financing [29] . 5 This impairment combined with the fact that income inequality may increase during economic crises [31] , alerts policy makers who therefore have designed alternative channels of liquidity transmission to support small firms and people living under income stress and below the limits of poverty. One possible solution to this financing gap problem has been the introduction of Credit Guarantee Schemes (CGSes) which are designed to help banks absorbing more risk from the real economy by supporting lending to low-quality borrowers [32, 33] . CGSes allow the partial transfer of credit risk stemming from a loan or a portfolio of loans. The goal is to close the financing gap by substituting collateral provided by a borrower with credit protection provided by an external guarantor, the State. In this respect, they show similarity to credit insurance products and credit default swaps. Still, the final lending decision stays with the bank, a market-based, private-sector entity that is assumed to have the expertise and technology necessary to evaluate credit applications and projects [34] . Additional schemes put in place to sustain self-employed individuals and households are Guaranteed National Income schemes, Minimum Income schemes or the Universal Income schemes. One such instrument is the "social card": a prepaid electronic payment card, generally issued by the ministry of economic development or work and pension office and their affiliates [35] . These social cards are generally deployed on top of payment networks such as Mastercard or VISA, and their use is limited only to certain authorised POS shops like groceries and food stores. Therefore, users are required to undergo the same pre-authentication and authorization procedures that apply to any other debit or credit card. However, evidence from the market suggests that these mechanisms are not always providing the expected results [36] . Only carefully designed and continuously evaluated products have a chance to deliver the associated public policy objectives. Without this type of care, such mechanisms can do more harm than good by misallocating resources to companies and citizens, by providing credit/liquidity where is not needed, or by rationing credit or liquidity where it is most needed, thus crowding out private collateral and unnecessarily increasing public debt. Additionally, theoretical and empirical studies raise concerns about the ability for CGSes to sustain the economy [41] . In particular, CGSes are considered expensive tools that pose problems of financial sustainability. At the same time, the benefits have yet to be proven, as there is no conclusive evidence that they allow additional loans to SMEs with financial restrictions [42, 43] . Indeed, economic crises are often accompanied by a flight-to-quality by lenders and investors, as they seek less risky investments, frequently at the expense of SMEs [44] , primarily because the credit rationing hypothesis is exacerbated [37] , and [38] . We conclude arguing that there are important differences between the current crisis and the 2008 financial crisis [39] , and when the target is not the financial sector but the real economy, the banking channel can turn out to be a second-best choice and ultimately a bottleneck. Thus, without entering into the debate on the origins and the basis of the "State entrepreneur" who directly intervenes to support the economy, we should ask whether new channels of financial stimulus transmissions can be designed as alternatives to traditional banking and payment transmission channels. Concerning this, we believe that it is possible to implement new types of fiscal policy transmission mechanisms in the form of FDC to better fulfil the goals of the executive and legislative branches of government. We argue that an FDC-based payment infrastructure would give the State a more direct control and understanding of the economic system under distress. Such control would permit better intervention in response to any exogenous shock and business cycle while also ensuring better individual compliance with tax collection and anti-money laundering statutes [45] . Our proposed design in Section 3 introduces a general DVC design concept that can be adjusted and turned into a government-issued electronic token that can be used to inject non-fiat based liquidity into the real economy. One possible form of liquidity could be for example represented by a tax discount (similar to the tax concessions that are generally given for example to the construction industry) to all citizens and all SMEs. In this particular case, the FDC could become a kind of electronic multi-year certificate whose coupons at maturity can be used to pay the national taxes over time. This is only an example; the FDC is a neutral value container that, based on the value or claims that it represents and its technical implementation features, it can fulfill, without using the banking transmission mechanism, one of the following four budgetary models: (1) remunerated and repayable loan; (2) remunerated and non-repayable loan; (3) non-remunerated and repayable loan; (4) outright grant. Because our solution is based on a DLT system, it can help to close the financing gap by substituting State-sponsored credit guarantees with public co-funding schemes directly targeting companies, SMEs and also people in need. By doing so we expect to achieve: 1. Elimination of the double asymmetry of information between State and bank, and between bank and borrower; 2. Elimination of credit rationing; 3. Lower funding costs; 4. Shorter liquidity-injection time. The FDC could become an instrument to revive the strength of the traditional fiscal policy and overcome some of its traditional drawbacks [40] . More generally, the FDC can be seen as a direct channel for the transmission of fiscal stimulus shocks into the economy, particularly helpful in cases wherein the efficacy and feasibility of other tools runs thin. This could be balanced by the use of CBDC as a new monetary policy instrument, as we shall discuss later in this section. We therefore think that especially in periods of crisis and downturn, State-controlled digital currencies can become an important part of the counter-cyclical public policy toolkit [62] . Monetary Policy Transmission Mechanisms. The monetary policy transmission mechanism refers to the process and efficacy by which the policy rate influences inflation and the real economy and comprises two main parts: (i) the pass through of the policy rate to other rates in the economy including the money market rate, lending and deposit rates, and (ii) how and to what extent these rates influence inflation and reach the real economy. There are presently two main forms of monetary policy; (i) traditional monetary policy; and (ii) unconventional monetary policy. Traditional monetary policy focuses on changing the short-term interest rate on reserves in order to affect changes to the real interest rate in the economy and meet the inflationary target. Unconventional monetary policy, which became prevalent during and in the aftermath of the Global Financial Crisis includes several variations, most notably QE. Other types include setting negative interest rates on reserves in order to affect long-term interest rates within the economy, forward guidance to manage expectations within the economy such that rates are viewed as being consistent in the long-run and affecting behaviour accordingly, as well as other forms of QE, such as yield curve control (which has not been effectively implemented outside of Japan since the 1940s, yet there is growing and renewed interest [54] ). It is safe to say, however, that the overnight interest rate, QE, and forward guidance and various forms of asset holdings are permanent forms of monetary policy [55] . In particular, concerning the reserve or overnight interest rates in several major economies, two major problems have been highlighted: (1) the zero-lower bound [56] and (2) the fact that rates are not always passed to market rates effectively, such as those of private borrowers [57] . With respect to the extension of QE measures, the risks that have been highlighted pertain to the excessive expansion of the central bank's balance sheet that may lead to deep financial recessions in the future and render other unconventional monetary policy tools ineffective [58] . Furthermore, the direct impact of QE is relatively small. For example, the median estimate of a bond purchase of approximately 10 percent of GDP results in eight tenths of a point in reduction of long-term interest rates [59] . Forward Guidance on the other hand, rests on the assumption that effectively communicating policy changes, or the lack thereof in the future, will affect economic decisions is somewhat at odds with the reality of today's world [55] . Neither QE nor forward guidance, broadly speaking, although initially construed in their various forms to generate private sector spending, were able to stimulate significant and long term private sector borrowing [55] . Although we do not question that all of these tools can be useful in addressing the need for stimulus, we recognise that the current environment, characterised by low interest rates and growing debt (both public and private), as well as the current crisis of the real economy resulting from an exogenous shock from outside the financial industry, together present a singular context that is unlike those in which such tools have been previously applied and that characterises potential future environments. For this reason, rather than assuming that the universe of potential methods for effective stimulus is limited by innovations of the past, we consider a broader range of approaches, starting with the question of how we can most effectively reach the real economy, particularly the ascendant digital economy, through CBDC using our DVC approach. In this context, we see the potential of CBDC as an additional monetary policy transmission tool. In particular, the ongoing discussion in the community revolves around the potential of CBDC as: (1) a countercyclical tool; (2) "helicopter money"; (3) an interest-bearing instrument; (4) a floor-system instrument; and (5) a QE instrument. We consider each in turn: 1. Several economists are now convinced that CBDC would simplify the options available [60] as well as broaden the availability of options provided to central banks in their monetary policy toolkit. It can also be seen to increase welfare if it were to reduce banks' deposit market power [61] . It has also been shown that were the issuance of CBDC to be implemented by means of purchasing government bonds equivalent to 30% of GDP [62] , it could lead to an increase in GDP of 3% over two decades, while maintaining price stability given that the real value of the CBDC could be held over time [23] . Furthermore, it is possible for the issuance and control over the supply of a CBDC to have a stabilising effect on the business cycle if adopted countercyclically [62] . Namely, this is the case if CBDC would be interest bearing, or enables functionality, such as through taxes and subsidies that allow it to mimic the effects of remuneration. Thus, CBDC would become a policy instrument that would allow for new tools to improve the effectiveness and implementation of monetary policy, such as through the stabilisation of the business cycle by being able to control the issuance of the CBDC and the countercyclicality of its price in response to economic shocks to private money creation or demand [62] , as well as equip central banks with the ability to establish price stability targets 6 as opposed to inflation targets, if they so choose [23] . 2. As we discussed previously, DVC could provide for new forms of money-financed fiscal programs through targeted "helicopter money" [66] in the sense that FDC could increase cash-like holdings within an economy by making direct lumpsum issuances to individuals, businesses and households, particularly in instances of escaping a liquidity trap and lessening the possibility of deflation, or in the event that monetary transmission mechanisms see little result or efficacy, particularly when, at present, interest rates have already been at longstanding lows [67] . This is particularly relevant in periods of economic uncertainty or a looming economic crises in the ability to capitalise the economy with outside money by means of new, novel and more direct channels. DVC would allow States including central banks to provide liquidity much faster in the case wherein cash is increased 7 and deal with risks in a much more direct, timely and targeted way, and increase reserves electronically [78] . In summary, the central bank would be capable of theoretically increasing or decreasing the supply of outside money in the real economy through direct digital channels [68] . 3. Another ongoing discussion in the community is whether CBDC should be an interest-bearing instrument. We think that an interest-bearing CBDC would make pass-through of rates more direct. For example, if CBDC were to be convertible to commercial bank deposits as we propose in our model (including for cash as a matter of design), banks would have less control in setting the interest rate on deposits. Therefore, a change in the policy rate could be transmitted much more directly to bank depositors. This would be done instead of more conventional alternatives such as bills issued by the central bank, reverse repo facilities and time deposits as liquidity absorbing instruments. The very existence of the CBDC and its being remunerated in some way could lead to strengthening the pass-through to deposit rates than it is today because commercial banks would want deposits to be at least as attractive as CBDC [74] . We do not, however, necessarily propose that interest rates would be paid to holders of digital currency; instead, we propose features that replicate it using (dis)incentives, vintages, taxes, and subsidies directly on the asset itself, as we shall discuss in Section 4. 4. Let us also consider the potential role of CBDC in the case that monetary policies are set under a floor system. Since the Global Financial Crisis, central banks have increased their reserves, primarily through a floor system whereby reserves are expanded by asset purchases to clear the market at the rate paid on those reserve balances, and whereby the policy rate is set on reserves, and not on excess reserves, which are often different. Different positions are taken as to whether the interest rate set on reserves is binding, we shall assume that due to the fact that banking currently operates in a tiered model, access to central bank money is limited due to the frictions in place. With a CBDC and MSBs holding central bank money as reserves with the central bank, this could be made more binding. It would also be possible to expand the quantity of CBDC so that the market clears at the floor. The rate could then be used on CBDC balances to guide rates in the rest of the economy, pro tanto both quantity and price of CBDC could theoretically be varied to stimulate the economy through aggregate demand. Aggregate quantity could also be expanded as a method to provide economic stimulus to the economy in a more direct and targeted way because both the price and quantity can be varied in a floor system [72] . This would similarly apply to the operation of a corridor system where supply of CBDC is reduced to create a secondary market for CBDC that clears above the rate of reserves and which could operate as an intraday market and allow for more rapid and direct monetary policy [73] . The model outlined in Section 3 addresses this discussion by allowing also MSBs, including but not limited to banks and non-financial institutions, to buy or lend within the CBDC market to trade central bank money, thus increasing liquidity, although this would remain separate from reserves [73] . Such a CBDC would become a liquid and creditworthy financial instrument. It would be similar to interest bearing central bank reserves or reverse repo facilities, although it would be tradeable and accessible by the general public (and potentially remunerated using specific features). We imagine that in practice, it could operate more similarly to short-term maturity government bills that are programmable and which have several variants available at any given time. 5. The overall goal of CBDC as QE instrument would be to sustain or increase the GDP [62] . It is important to note that the issuance of CBDC entails that the funds need to be invested by means of asset purchases [69] . A CBDC could allow MSBs that hold a reserve account with the central bank to sell assets directly to the central bank. It can therefore be much more efficient and more developed as it relates to the real economy. For example, the central bank may be able to better identify the types of business sectors for which the balance sheets of the MSBs that serve such businesses may be altered, thus strengthening the impact of the transmission of QE to the real economy. Demand for CBDC will certainly be a function of various design features and their policy objectives and ultimately determined by household preferences for payment instruments. It will be determined by, on the one hand, the features that are similar to either cash or bank deposits, and on the other novel design features that might or might not replicate a particular effect of a traditional money instrument. For example, the closer a CBDC is to cash, the more likely it will be seen as a substitute to cash, similarly with bank deposits. Ultimately, the payment choice and demand for CBDC by households will be influenced by how near they are to either or both, and how well it offsets their inherent unchangeable design qualities. Whether CBDC results in great demand and demonstrates itself to be an attractive asset to hold as a liquid, credit risk-free, and price stable central bank liability will ultimately be determined by the policy objectives and the tools used as it relates to decisions on the following: 1. access, 2. availability, 3 . remuneration and (dis)incentives, and 4. ancillary design features that may be inherent but used only for specific objectives. In addition, were a CBDC designed not to provide certain qualities of privacy, some users would remain avidly dedicated to the use of cash [75] . Our proposal, described in Section 3, disrupts this notion and shows how a measure of true anonymity can be maintained. A CBDC could support replacing private sector assets into risk free assets to address the safe asset shortage, particularly given that although bank deposits are broadly insured up to some amount, they continue to exhibit credit and residual liquidity risks. Moreover, there is demand for semi-anonymous means of payment [63] , as well as for a variety of instruments capable of being used for payment, and due to heterogeneity in the preferences of households the use of a CBDC has immediate social value [64] , both of which are direct consequences of our proposal. Our proposal frames CBDC as a distinct financial instrument but one that nonetheless shares many features with cash, including being fully collateralised and not providing for the ability to lend or rehypothecate. Moreover, we are not proposing the abolishment of bank notes, nor of bank deposits. On the contrary, we understand all three instruments to have merit and value to households and firms within an economy and can be used to complement one another and increase the overall welfare of individuals and firms through the adoption of CBDC [64] . An example of the inherent difficulties within proposals that argue for the abolition of cash is that the increase in its use is predominantly situated within lower socioeconomic segments of a community, and using CBDC to drive out cash would adversely impact those households and firms. Furthermore, the CBDC proposed in our design model relies upon the DLT infrastructure for a variety of reasons outlined in Section 3. In our view, this is currently the most plausible method of implementation whereby the central bank can collaborate with private sector firms, via either private public-private partnerships or other collaborative and supervisory models, to deliver a national payments infrastructure operated by the private sector. The use of DLT does not imply that households and retail members of the public must have a direct account or relationship with the central bank, as wrongly assumed by some. On the contrary, our design recognises the important role of MSBs, especially for identifying, onboarding, and registering new customers, satisfying compliance requirements, and managing their accounts (if applicable). MSBs do not necessarily perform all of the functions of banks, such as lending credit. Moreover, in our design, we envisage full convertibility at par across CBDC, bank deposits, bank notes, and (for authorised MSBs) reserves, both to ease its introduction and to not interfere with the fungibility and general composition of the monetary base. To whatever extent this involves limitations or the introduction of frictions will be a matter of policy. Yet, in principle, at-par convertibility for cash and bank deposits as the default is a practical and design necessity. Issuing and introducing CBDC enables a new policy tool in adjusting the (dis)incentives to hold the CBDC through its various features but also to balance the possible flight from bank deposits [53] , for which we do not see CBDC as a general substitute. The core of our proposed design is based upon an article by Goodell and Aste [80] , which describes two approaches to facilitate institutional support for digital currency. We build upon on the second approach, institutionally-mediated private value exchange, which is designed to be operated wholly by regulated institutions and has the following design features: 1. Provides a government-issued electronic token that can be used to exchange value without the need for pairwise account reconciliation. 2. Allows transaction infrastructure (payments, settlement, and clearing) to be operated by independent, private actors 8 while allowing central banks to control monetary policy and CBDC issuance, with control over the creation of CBDC but not its distribution. (The same applies to government in the case of FDC.) 3. Protects the transaction metadata linking individual CBDC (or FDC) users to their transaction history by design, without relying upon trusted third parties. In this section we describe the central assumptions underlying our proposal, and we identify the benefits of distributed ledger technology (DLT) and offer support for our claim that a DLT-based architecture is necessary. Then, we describe how our proposed mechanism for digital currency works at a system level, identifying essential interfaces between the institutional and technical aspects of the architecture. We conclude by explaining how we would leverage our proposed architecture to achieve the economic stimulus objectives of State actors and to facilitate payments by individuals and businesses. We imagine that digital currency might be issued by a central bank as "true" central bank digital currency (CBDC), or it might be issued by government as FDC, representing an obligation on a collateralised collection of State assets, such as sovereign wealth or Treasury assets. In either case, we note that in many countries (including the UK), no single party (including the central bank) has been assigned the responsibility to design, maintain, and update the rules of the process by which financial remittances are recorded and to adjudicate disputes concerning the veracity of financial remittances. We also note that responsibility to operate transaction infrastructure and supervise payment systems is different from the responsibility to create tokens and safeguard the value of State currency. In many countries, systems for payments, clearing, and settlement are a collaborative effort [81, 82] . A design that externalises responsibility for the operation of a transaction infrastructure supporting digital currency is not incompatible with the operational role of a central bank in using digital currency to create money and implement monetary policy. Our approach to digital currency differs substantively from the vision proposed by several central banks [21, 22] . We argue that the purpose of digital currency is to provide, in the retail context, a mechanism for electronic payment that does not rely upon accounts, and in the wholesale context, a means of settlement that is more robust and less operationally burdensome than present approaches. It is not to create a substitute for bank deposits, which would still be needed for economically important functions such as fractional reserve banking, credit creation, and deposit insurance. Neither is it a replacement for cash, which offers a variety of benefits including financial inclusion, operational robustness, and the assurance that a transaction will complete without action on the part of third parties. We imagine that in practice, digital currency would be used primarily to facilitate remittances that cannot be done using physical cash and that people would not be more likely to be paid in digital currency in the future than they would to be paid in cash today. We imagine that many, but not necessarily all, ordinary people and businesses would have bank accounts into which they would receive payments. These bank accounts would sometimes earn interest made possible by the credit creation activities of the bank. Banks would be able to exchange digital currency at par for cash or central bank reserves and would not generally hold wallets containing an equal amount of digital currency to match the size of their deposits. In the case of CBDC, banks would also be able to directly exchange the digital currency for central bank reserves. When an individual (or business) asks to withdraw digital currency, the bank would furnish it, just as it would furnish cash today. The bank might have a limited amount of digital currency on hand just as it might have a limited amount of cash on hand to satisfy such withdrawal requests, and there would be limits on the size and rate of such withdrawals just as there would be limits on the size and rate of withdrawals of cash. Once they have digital currency, individuals and businesses could use it to make purchases or other payments, as an alternative to account-based payment networks or bank transfers, and digital currency would generally be received into wallets held by regulated MSBs, just as cash would be. DLT offers a way to share responsibility for rulemaking among a set of peers. In the context of digital currency, DLT would provide transparency to the operation and rules of the system by restricting (at a technical level) what any single actor, including the central bank as well as government regulators, can decide unilterally. Such transparency complements and does not substitute for regulatory oversight. Although it is theoretically possible to build digital currency infrastructure using centralised technology, we argue that for it to be successful, it will be necessary for the infrastructure to use a distributed ledger. 9 First, consider the taxonomy of digital money systems shown in Figure 1 . Digital money systems include CBDC and FDC. The first question to ask is whether we need a system based on tokens rather than a system based on accounts. There are several benefits to using a token-based system, including substantially reducing the overhead associated with pairwise reconciliation and regulatory reporting. Most importantly, however, any system based upon accounts cannot offer privacy, since its design would necessarily require resolvable account identifiers that can ultimately be used to determine both counterparties to any transaction. Therefore, we must recognise that preservation of a token-based medium of exchange is necessary to the public interest, increases welfare, and maintains the critical nature of cash while providing to central banks and governments the assurance and risk assessment tools that are afforded to digital payment infrastructure platforms. There are some important questions to ask about a token-based design, including whether we need the tokens to be issued by the central bank directly, or by other institutions ("stablecoins"), or whether the tokens can operate entirely outside the institutional milieu ("cryptocurrency"). However, let us first understand why a distributed ledger is necessary. Token-based systems can be centralised, relying upon a specific arbiter to handle disputes about the validity of each transaction (possibly with a different arbiter for different transactions), or they can be decentralised, using a distributed ledger to validate each transaction ex ante via a consensus process. Specifically, we consider the question of who the system operators would be. In the case of CBDC, for example, although we assume that the central bank would be responsible for the design and issuance of CBDC tokens, we do not make the same assumption about the responsibility for the operation of a transaction infrastructure or payment system, which historically has generally been operated by privatesector organisations. As mentioned earlier, systems for payments, clearing, and settlement are often a collaborative effort [81, 82] . Indeed, modern digital payments infrastructure based on bank deposits depends upon a variety of actors, and we imagine that digital payments infrastructure based on CBDC would do so as well. The responsibility to manage and safeguard the value of currency is not the same as the responsibility to manage and oversee transactions, and the responsibility to supervise payment systems is not the same as the responsibility to operate them. A design that externalises responsibility for the operation of a transaction infrastructure supporting CBDC is not incompatible with the operational role of a central bank in using CBDC to create money and implement monetary policy. For reasons that we shall articulate in this section, we argue that a token-based solution based on distributed ledger technology is required. In our view, the benefits of distributed ledger technology broadly fall into three categories, all of which relate to the scope for errors, system compromise, and potential liability arising from exogenous or endogenous risk scenarios. We believe that each of these benefits is indispensable and that all of them are necessary for the system to succeed: 1. Eliminating the direct costs and risks associated with operating a live system with a role as master or the capacity to arbitrate. Because its database is centrally managed, a centralised ledger would necessarily rely upon some central operator that would have an operational role in the transactions. This operational role would have the following three implications. First, the central operator would carry administrative responsibility, including the responsibility to guarantee system reliability on a technical level and handle any exceptions and disputes on both a technical and human level. Second, because the central operator would be positioned to influence transactions, it would incur the cost of ensuring that transactions are carried out as expected as well as the risk of being accused of negligence or malice whether or not they are carried out as expected. Third, because the central operator unilaterally determines what is allowed and what is not, it might be accused of failing to follow the established rules. 2. Preventing unilateral action on the part of a single actor or group. Following the argument of Michael Siliski [83] , the administrator of a centralised ledger could ban certain users or favour some users over others; implicitly or explicitly charge a toll to those who use the system; tamper with the official record of transactions; change the rules at any time; or cause it to stop functioning without warning. 3. Creating process transparency and accountability for system operators. Because the administrator of a centralised ledger can make unilateral decisions, there is no way for outside observers to know whether it has carried out its responsibilities directly. In particular, its management of the ledger and the means by which other parties access the ledger are under its exclusive control, and the administrator has no need to publicise its interest in changing the protocol or ask others to accept its proposed changes. With DLT, it is possible to implement sousveillance by ensuring that any changes to the rules are explicitly shared with private-sector operators. 4 . Improving efficiency and service delivery through competition and scope for innovation. Vesting accountability for system operation in operators who are incentivised to perform would make it possible to achieve important service delivery objectives, ranging from adoption in the first instance to financial inclusion and non-discrimination, through private-sector incentives (e.g. supporting local banks) rather than top-down political directives. Each of these advantages of distributed ledger technology relates to the scope for errors, system compromise, and potential liability arising from exogenous or endogenous risk factors surrounding a central authority. DLT makes it possible to assign responsibility for transactions to the MSBs themselves. Specifically, an MSB is responsible for each transaction that it writes to the ledger, and the DLT can be used to create a (potentially) immutable record binding each transaction to the corresponding MSB that submitted it, without the need for a central actor would to be responsible for individual transactions. Our design for DVC is based on the approach described as an institutionally mediated private value exchange by Goodell and Aste [80] , which we elaborate here and further build upon. This proposal uses DLT for payments, as motivated by reasons articulated in Section 3.2. We envision a permissioned distributed ledger architecture wherein the participants would be regulated MSBs. MSBs would include banks, other financial businesses such as foreign exchange services and wire transfer services, as well as certain non-financial businesses such as post offices [81] as well. The permissioned DLT design would support efficient consensus mechanisms such as Practical Byzantine Fault Tolerance [84] , with performance that can be compared to popular payment networks. In particular, Ripple has demonstrated that its network can reliably process 1,500 transactions per second [85] . Although the popular payment network operator Visa asserts that its system can handle over 65,000 transactions per second [86] , its actual throughput is not more than 1,700 transactions per second [87] . For this reason, we anticipate that it will be possible for a digital currency solution to achieve the necessary throughput requirement without additional innovation. We assume that the only parties that could commit transactions to the ledger and participate in consensus would be MSBs, which would be regulated entities. The ledger entries would be available for all participants to see, and we imagine that certain non-participants such as regulators and law enforcement would receive updates from the MSBs that would allow them to maintain copies of the ledger directly, such that they would not need to query any particular MSB with specific requests for information. Although the ledger entries themselves would generally not contain metadata concerning the counterparties, the MSB that submitted each transaction would be known to authorities, and it is assumed that MSBs would maintain records of the transactions, including transaction size and whatever information they have about the counterparties even if it is limited, and that authorities would have access to such records. Another important feature of our proposed architecture is privacy by design. Although we argue that data protection is no substitute for privacy (see Section 1.2), Ulrich Bindseil notes that "others will argue that a more proportionate solution would consist in a sufficient protection of electronic payments data" [70] . In the case of our proposed design, we might imagine that because the entire network is operated by regulated MSBs, some people might recommend creating a "master key" or other exceptional access mechanisms to allow an authority to break the anonymity of retail DVC users. The temptation to build exceptional access mechanisms should be resisted, with appreciation for the history of such arguments [88, 89, 19] and subsequent acknowledgement by policymakers in Europe and America [90, 91] , who have repeatedly cited their potential for abuse as well as their intrinsic security vulnerabilities. Ultimately, substituting data protection for privacy would create a dragnet for law-abiding retail DVC users conducting legitimate activities, and it will never be possible for a data collector to prove that data have not been subject to analysis. To force people to use a system that relies on data protection is to attempt to manufacture trust, which is impossible; trust must be earned. Furthermore, criminals and those with privilege will have a variety of options, including but not limited to proxies, cryptocurrencies, and identity theft, available to them as "outside solutions" in the event that lawmakers attempt to force them into transparency. Unlike designs that contain exceptional access mechanisms that allow authorities to trace the counterparties to every transaction and therefore do not achieve anonymity at all, our approach actually seeks to deliver true but "partial" anonymity, wherein the counterparties to a transaction can be anonymous but all transactions are subject to control at the interface with the MSB. We believe that our design is unique in that it achieves both anonymity and control by ensuring that all transactions involve a regulated actor but without giving authorities (or insiders, attackers, and so on) the ability to unmask the counterparties to transactions, either directly or via correlation attacks. To satisfy the requirement for privacy by design, we introduce the concept of a private wallet, which is software that interacts with the ledger via an MSB that allows a retail DVC user to unlink her DVC tokens from any meaningful information about her identity or the identity of any previous owners of the tokens. Specifically, a transaction in which a fungible token flows from a private wallet to an MSB reveals no meaningful information about the history of the token or its owner. To support private wallets, a DVC system must incorporate certain privacy-enhancing technology of the sort used by privacy-enabling cryptocurrencies such as Zcash and Monero. There are at least two possible approaches [96] : 1. Stealth addresses, Pedersen commitments, and ring signatures. Stealth addresses, which obscure public keys by deriving them separately from private keys [92] , deliver privacy protection to the receiver of value [96] . Pedersen commitments, which obscure the amounts transacted to anyone other than the transacting parties [93, 94] , remove transaction metadata from the ledger records [96] . Ring signatures, which allow signed messages to be attributable to "a set of possible signers without revealing which member actually produced the signature" [95] , deliver privacy protection to the sender of value [96] . 2. Zero-knowledge proofs. Zero-knowledge proofs "allow one party to prove to another party that a statement is true without revealing any information apart from the fact that the statement is true" [96] and can potentially be used to protect all of the transaction metadata [96] . Non-interactive approaches to zero-knowledge proofs such as ZK-STARKs deliver significant performance advantages over their interactive alternatives [97] , and based upon their measured performance [97, 98, 99] , we anticipate that such operations will be fast enough to suffice for point-of-sale or e-commerce transactions. Because privacy-enhancing technologies require vigilance [100] , MSBs and the broader community must commit to audit, challenge, and improve the technology underpinning the privacy features of this design as part of an ongoing effort [80] . The transparency afforded by the use of DLT can provide the basis by which the broader community can observe and analyse the operation of the system to ensure that transacting parties remain protected against technologically sophisticated adversaries with an interest in de-anonymising the DVC users for the purpose of profiling them. Figure 2 depicts a typical user engagement lifecycle with CBDC, which we anticipate would be a typical use case for DVC. This user has a bank account and receives an ordinary payment via bank transfer into her account. Then, the user asks her bank to withdraw CBDC, which takes the form of a set of tokens that are effectively transferred to her private wallet via a set of transactions to different, unlinkable addresses that her bank publishes to the ledger. Later, the user approaches a merchant (or other service provider, either in-person or online, with a bank account that is configured to receive CBDC. Using her private wallet, the user interacts with point-of-sale software operated by the business, which brokers an interaction between her private wallet and the merchant's bank wherein the bank publishes a set of transactions to the ledger indicating a transfer of CBDC from the user's private wallet to the bank, credits the merchant's account, and informs the merchant that the transaction was processed successfully. The privacy features of the ledger design and the private wallet software ensure that the user does not reveal anything about her identity or the history of her tokens in the course of the transaction that can be used to identify her or profile her behaviour. Note that retail bank accounts are not generally expected to hold CBDC on behalf of a particular user, any more than retail bank accounts would hold cash on behalf of a particular user. A bank would Finally, the individual makes a payment to Business C, which Business C receives into its account with Bank C, which then has the option to return the CBDC to the central bank in exchange for cash or reserves. swap CBDC for central bank reserves from time to time, and vice-versa, with the expectation that the bank would furnish CBDC to its retail customers, subject to limits on the size and rate of withdrawals. Note also that the messages on the ledger are published by regulated financial institutions. This is an important feature of the system design: all transactions on the ledger must be published by a regulated MSB, and because the ledger is operated entirely by regulated MSBs, private actors cannot exchange value directly between their private wallets. At the same time, the private wallets offer a layer of indirection wherein MSBs would not be able to identify the counterparties to the transactions involving private wallets. Banks might need to know their customers, but merchants generally do not. Furthermore, a merchant's bank does not need to know the merchant's customers, and a merchant's customer's bank does not need to know about the merchant or its bank at all. For instances wherein merchants really do need to know their customers, the reason is generally about the substance of the relationship rather than the mechanism of the payment, and identification of this sort should be handled outside the payment system. By providing a mechanism by which no single organisation or group would be able to build a profile of any individual's transactions in the system, the use of a distributed ledger achieves an essential requirement of the design. In addition to our previously stated requirement that transactions into and out of the private wallets would be protected by mechanisms such as stealth addresses or zeroknowledge proofs to disentangle the outflows from the inflows, individuals would be expected to use their private wallets to transact with many different counterparties, interacting with the MSBs chosen by their counterparties and not with the MSBs from which their private wallets were initially funded. private wallet MSB private wallet Figure 3 : Schematic representation of a mediated transaction between consumers. Retail CBDC users wishing to transact with each other via their private wallets must transact via a regulated institution or a regulated business with an account with a regulated institution. The institution creates on-ledger transactions from the private wallet of one retail CBDC user and to the private wallet of another retail CBDC user without creating accounts for the retail CBDC users. Figure 3 depicts the mechanism by which individuals would transact from one private wallet to another. They must first identify a regulated MSB to process the transaction onto the ledger, perhaps in exchange for a small fee. The MSB would process a set of transactions from the first private wallet to the MSB and from the MSB to the second private wallet. An MSB could provide a similar service for an individual exchanging CBDC for cash or vice-versa. Presumably, the MSB would gather whatever information is needed from its customers to satisfy compliance requirements, although we imagine that strong client identification, such as what might conform to the FATF recommendations [101] , could be waived for transactions that take place in-person and are sufficiently small. In the case of small online transactions between two persons, we imagine that an attribute-backed credential indicating that either the sender or the receiver is eligible to transact might be sufficient [102] . Finally, some MSBs could provide token-mixing services for retail DVC users who had accidentally exposed metadata about the tokens in their private wallets. As we described earlier, Figure 2 illustrates a typical retail user engagement lifecycle with CBDC. More generally, we envision that a retail user of digital currency would receive it via one of four mechanisms: 1. Via an exchange of money from an account with an MSB into digital currency. We stipulate that an individual or business with an account with an MSB could opt to withdraw digital currency from the account into a private wallet. Digital currency held by a retail user in the user's private wallet would be like cash. Because it is not held by an MSB, it would not be invested and it would not earn true interest. (In Section 4, we suggest a mechanism by which governments can incentivise or penalise the asset itself, but this would not be "true" interest and would not serve the same purpose.) Similarly, an individual or business with an account with an MSB could opt to deposit digital currency from a private wallet into an account, reversing the process, as shown in Figure 4 . As a recipient of digital currency from an external source, received into an account with an MSB. In this case, the user would be the recipient of a digital currency payment. The sender of the payment might be known, for example if it is an account with an MSB, or it might be unknown, specifically if it is a private wallet. Figure 4 : Schematic representation of a user depositing CBDC into a bank account. Retail users would be permitted to deposit funds into their own accounts, possibly subject to certain limits or additional checks in the event that such deposits are frequent or large. 3. As a recipient of digital currency from an external source, received into a private wallet. Any transaction in which a private wallet receives digital currency from an external source must be mediated by an MSB, so the key difference between this mode of receiving digital currency and a withdrawal from the user's own account is that in this case the recipient does not have (or is not using) an account with the MSB. This form of transaction is illustrated in Figure 3 . We imagine that there would be certain legal requirements, such as transaction limits or a requirement for the recipient to provide positive identification documents to a human clerk, that would govern the role of the MSB in such transactions. We also imagine that this process could be particularly useful as a means to deliver government payments (for economic stimulus or for other reasons) to retail users without bank accounts, as illustrated in Figure 5 . Via an exchange of physical cash into digital currency. The transaction in which physical cash is converted to digital currency would be facilitated by an MSB, subject to appropriate rules, just as in the case that digital currency is received directly from an external source. For example, the MSB might be required to ask for information concerning the origin of the cash if the amount exceeds a certain threshold. We imagine that an individual might share the private cryptographic information (e.g. a private key that can be used to initiate a transaction) associated with digital currency with another individual, thereby allowing the other individual to transact it on her behalf. We do not consider that such an exchange of information would constitute a payment, since there is nothing intrinsic to the system that would stop the first party from spending the digital currency before the second party has a chance to do so. It would be appropriate to characterise such an exchange as a "promise of payment" rather than a payment itself, similar to providing a post-dated cheque, and there is no mechanism to prevent people from making promises to each other. Once an individual or business is in possession of digital currency, the ways to dispose of the digital currency are the inverses of the methods to acquire it. Although it can accommodate CBDC, the digital currency system we propose is actually a "value container" [65] , which we extend to potentially represent a plethora of different assets and their underlying infrastructure, including but not limited to central bank or government assets. The system can be adapted to work with both fiat-based CBDC issued by central banks as well as with asset-based FDC issued by governments, and for this reason it can facilitate more effective monetary and fiscal policy. Our proposal responds directly to concerns that have been introduced or exacerbated by the SARS-CoV-2 crisis as a signal of the innovation that should have been taking place. In particular, our proposed system can be used as a flexible platform for implementing a variety of economic stimulus policies including streamlined issuance of currency by the central bank, QE through asset purchases, and direct payment or allocation of credits to individuals and non-financial businesses. Figure 6 offers an illustration of how digital value containers can enhance the policy toolkit available to State actors. Our CBDC design model allows for all CBDCs (or some part of them) to bear interest-like features and (dis)incentives that may drive spending or saving. These features can be applied more in general also to FDCs and could be done through "vintages" where tokens are marked according to their time of issue allowing the CBDC or FDC to mimic the effects of remuneration 10 . It is critical to note here that we are not referring to (dis)incentives on accounts directly, but rather associated instead to the tokens themselves and which are set by the issuer/sender. Once the decision to implement vintages is made, the designer can experiment with different design options. For example, different classes of vintages can be introduced and either subsidies or taxes can be set on the exchange across one variant to another, or through penalties and rewards. Vintages will not generally be usable to distinguish one token of CBDC or FDC from another, as a timestamp would, instead, those of a particular vintage would be fungible with one another. Each vintage would encompass all CBDC or FDC issued within a particular time period that is, preferably and plausibly, set to be long enough that retail users would generally be expected to have spent all of the tokens they receive at the start of the vintage before the end of the vintage; for example, it would be possible to have a few vintage periods per year. It would be prudent, and we would propose that the schedule, type, and format of rewards and/or penalties over the lifetime of a CBDC or FDC within a particular vintage to be generally fixed at the time of issuance and the same across all within a particular vintage, but that need not necessarily be the case, and it would be subject to the policy at hand. We do not envisage that rewards or penalties would apply to a particular vintage until after one full vintage period following the issuance of that vintage but it would be possible. Under this assumption, an issued DVC in vintage period T would be exchangeable at an MSB for bank deposits at par with cash or bank deposits, for the entirety of vintage periods T and T + 1. To penalise long-term retail users and encourage spending, a government might impose a penalty at a certain rate r that would apply to all tokens of that vintage at the start of vintage period T + 2 and each vintage period thereafter, meaning that its value following the penalty would be multiplied by 1 − r, compounding every year thereafter until period T + n, where n is chosen by the issuer, after which time the token is declared worthless. On the other hand, to reward long-term retail users and encourage saving, a government could set as a feature a reward at a certain rate r that would apply to all tokens of that vintage at the start of vintage period T + 2 and each vintage period thereafter, meaning that its value following the reward would be multiplied by 1 + r, compounding every year thereafter until period T + n, and expiring sometime thereafter. In principle, the DVC issuer could also issue a "special vintage" of DVC during some period T that can only be transacted by retail users before some time T + n, with the purpose of stimulating spending, with rules preventing MSBs from allowing retail users to exchange this special vintage for bank deposits or cash. After time T + n, retail users might have a short grace period in which to exchange their DVC tokens for cash or bank deposits with a penalty, after which time the tokens would expire worthless. The ability to impose positive incentives such as through subsidies on CBDC would increase demand for it and lead to an outflow from bank notes and possibly bank deposits into CBDC, whereas were it to be negative or through disincentives such as taxes, as a measure taken to escape a liquidity trap, it would decrease the demand for CBDC and lead to an outflow from cash as a safer price stable medium of exchange. To address this major issue, together with the possibility of arbitrage across instrument types, would require policy makers to make the right DVC design choices. For example, if the overnight rate were less than the remuneration r of CBDCs, MSBs would hold CBDC, which would ultimately decrease the yield on CBDC and increase the overnight rate. If the overnight rate were greater than that on CBDC, then MSBs would invest into reserves which would increase the yield on CBDC. Therefore, it would be pragmatic for the interest rate on CBDC and overnight right on reserves to be equivalent, and which would ultimately help set other market rates within the economy through the appropriate (dis)incentives such as taxes and subsidies in a particular vintage [71] . Were the CBDC or FDC to carry with it (dis)incentives in some way, it would become a priority monetary and fiscal policy instrument through its programmability in the conventional monetary and fiscal policy toolbox, because it would affect household spending and firm investment saving decisions either (i) directly by means of funds in their respective wallets through taxes/penalties or rewards/subsidies to the DVC asset itself, whereby real-time policy could become a reality; (ii) indirectly due the remuneration of the CBDC leading to the setting of the lower limit for the rate on bank deposits; and (iii) modelled to achieve directly, the same intended effects of setting of the policy rate. Our CBDC platform can be used as a tool to achieve these goals seamlessly with the flexibility to alter features directly, in an automated way and immediately. The issuance and use of a CBDC could also become a useful tool for central banks in managing aggregate liquidity. For example, were CBDC to be widely held and adopted for use, it could lead to a shift in aggregate liquidity, which refers to the assets being used and exchanged and which carry a liquidity premium [79] . Under certain models, a CBDC would lead to efficient exchange, particularly given that it is a low cost medium of exchange and has a stable unit of account, and particularly in the case wherein the digital currency (as we propose it) is being used in a broad range of decentralised transactions, and allows for monetary policy transmission channels on trading activity to be strengthened. The central bank would have at its disposal certain capabilities in controlling the supply and price of CBDC, including through the use of (dis)incentives to generate a higher liquidity or lower premium in CBDC and in bank deposits, subject to where investment frictions exist in a much more targeted way [79] . Moreover, CBDC can be used as intraday liquidity by its holders, whereas liquidity-absorbing instruments cannot achieve the same effect. At present, there are few short-term money market instruments that inherently combine the creditworthiness and the liquidity that a CBDC (or DVC, more generally) could potentially provide. CBDC, therefore, could play an important deterrent role against liquidity shocks. The most direct impact of our approach to digital currency on the financial industry involves risk management, on several levels. By improving the speed of settlement, digital currency can be used to facilitate liquidity risk management among financial institutions. Digital currency can also be used to address systemic risk, both explicitly, by offering regulators a view into substantially every transaction, as well as implicitly, by offering governments a tool to implement stimulus while controlling the aggregate leverage in the system. Considering that, in general, DLT offers a promising risk-mitigation tool [107] , our design relies on a DLT network operated by MSBs and other private-sector institutions rather than a centralised ledger run by a single public (or private 11 ) organisation. As such, our approach addresses a variety of risks associated with relying upon a central arbiter: (1) technical risks associated with availability, reliability, and maintenance; (2) risks associated with trust and operational transparency; and (3) financial and legal risks. Our approach also allows the private sector to operate the infrastructure for retail payments, clearing, and settlement, while allowing government regulators to oversee the system at an organisational level. Finally, because we imagine that digital currency will complement rather than substitute for bank deposits, our approach leverages the role of commercial banks without forcibly decreasing their balance sheets. Because our system allows a measure of true anonymity, it does not intrinsically require the identities of both counterparties to be visible to authorities. Revealing mutual counterparty information for every transaction would divert the onus of fraud detection to law enforcement agencies, effectively increasing their burden, while well-motivated criminals would still be able to use proxies or compromised accounts to achieve their objectives, even if every transaction were fully transparent. Our system design offers a different approach. Because every transaction involves a regulated financial intermediary that would presumably be bound by AML/KYC regulations, there is a clear path to investigating every transaction. Authorities would be positioned to ensure that holders of accounts that take payments from private wallets adhere to certain rules and restrictions, including but not limited to tax monitoring. The records from such accounts, combined with the auditable ledger entries generated by the DLT system, could enable real-time collection of data concerning taxable income that could support reconciliation and compliance efforts. Because all of the retail payments involving digital currency would use the same ledger, identification of anomalous behaviour, such as a merchant supplying an invalid destination account for remittances from private wallets, would be more straightforward than in the Goodell, Tasca, Nakib R3 [16] Bank of England [22] Sveriges Riksbank [105] Adrian and Mancini-Griffoli (IMF) [104] Bordo and Levin [23] ConsenSys [106] Zhang "Synthetic CBDC" (IMF) [20] Auer and Böhme (BIS) [103] Can hold value outside an account current system, and real-time automated compliance would be more readily achievable. Such detection could even be done in real time not only by authorities but also by counterparties, thus reducing the likelihood that it would occur in the first instance. Table 1 offers a comparison of the main design features. The features of our design that contrast with many of the prevailing CBDC design proposals include, but are not limited to, the following: 1. Retail users can hold digital assets outside accounts. Most of the existing proposals assume that digital assets would be always held by intermediaries. In contrast, our proposal empowers retail users with the ability to truly control the assets they hold and choose custodians, when applicable, on their own terms. No central bank accounts for individuals and non-financial businesses. In our view, requiring central bank accounts would introduce new costs, weaknesses, and security vulnerabilities. It would result in the central bank taking responsibility for actions commonly performed by the private sector in many countries, and it would negate the benefits of using tokens rather than accounts. A purpose-built domestic, retail payment system. The requirement to support cross-border or wholesale payments is intentionally not included in our design. Our proposal is designed specifically to meet the requirements for a domestic, retail payment system, which we believe differ significantly from the requirements for a cross-border or wholesale payment system. 4 . True, verifiable privacy for retail users. Data protection is not the same as privacy, and our proposal does not rely upon third-party trust or data protection for their transaction metadata. Some proposals include "anonymity vouchers" that would be usable for a limited time in accountsbased digital currency systems [16, 17] . We do not believe that such approaches would be effective, not only because of the dangers associated with reducing the anonymity set to specific intervals but also because of the attacks on anonymity that will always be possible if value is to be transferred from one regulated account directly to another. No new digital identity systems. Our system does not require any special identity systems beyond those that are already used by MSBs and private-sector banks. In particular, it does not require a system-wide identity infrastructure of any kind, and it also explicitly allows individuals to make payments from their private wallets without revealing their identities. No new real-time operational infrastructure managed by central authorities. Our proposed system can be operated exclusively by private, independent actors without relying upon a central actor to operate any specific part of the infrastructure. The distributed ledger makes it possible to assign responsibility for most transactions to the MSBs, not the central bank. An MSB is responsible for each transaction that it writes to the ledger, and the DLT can be used to create a (potentially) immutable record binding every transaction to the corresponding MSB that submitted it. We understand that the central bank is not responsible for individual transactions. In an effort to address the current crisis, central banks and governments have had to deploy a variety of conventional and unconventional policies and tools. The community is aware that innovative solutions are needed both to address the current crisis, which is markedly different than the last one in 2008-2011, and, most importantly, to prepare for future crises. Along this thread, a growing community of academics and policymakers is actively discussing the opportunity to empower central banks with a CBDC. As a result, different design models have been proposed so far in the literature. We believe that all the models proposed so far fail to meet important design criteria that have been summarised in Table 1 . In particular, we show that other concurrent CBDC design proposals omit certain design features that have an impact on critical areas of welfare-generating characteristics, as well as governance and financial implications. The proposal that we have articulated addresses these essential requirements directly and does not compromise. At the same time, our proposal is also much broader than a version of digital cash issued by a central bank. Instead, it encapsulates a generalised underlying infrastructure that enables a greater and more direct variety of tools to effect monetary and fiscal policy. Much like a connected railway system, our DVC proposal provides the underlying basis for programming a large variety of assets in new ways, supporting their deployment and distribution, and securing the privacy of users without disrupting existing market structures. Whether it is used for CBDC or FDC, sovereign debt or collateral, or other fungible and non-fungible assets, the underlying infrastructure is a necessary next step to provide the appropriate framework to better equip government policymakers to address systemic issues in the real economy. In other words, our DVC proposal is complementary both to the current two-tiered banking structure and to the array of existing monetary and fiscal policy tools and their mechanisms. We conclude by highlighting two final important design features that make our model unique. First, our proposal uses a DLT-based settlement system that is overseen by State actors but operated entirely by private, independent actors. Second, it aims to enhance the welfare and safety of users by employing privacy by design without compromising the core risk analysis capacity in which policymakers would be interested if DVC were used to implement a CBDC system. Debt to equity ratio in financial corporations The Great Lockdown: Worst Economic Downturn Since the Great Depression Federal Reserve Bank of New York Mnuchin Warns Senators of 20% US Unemployment Without Coronavirus Rescue, Source Says US weekly jobless claims hit 3 million, bringing the 8-week total to more than 36 million World Economic Outlook Asset Purchase Facility (APF): Asset Purchases and TFSME Market Notice ECB announces e750 billion Pandemic Emergency Purchase Programme (PEPP) Official Bank Rate History US Federal Reserve Board $15 trillion and counting: global stimulus so far Policy Responses to COVID-19 Bank for International Settlements Casting Light on Central Bank Digital Currency Central Bank Digital Currency: an innovation in payments CBDC: Considerations for the Digital Euro Speech at the Consensus 2020 virtual conference What if Responsible Encryption Back-Doors Were Possible? Keynote Address on Central Bank Digital Currency Cross-Border Interbank Payments and Settlements: Emerging Opportunities for Digital Transformation Central Bank Digital Currency: opportunities, challenges and design Central Bank Digital Currency and the Future of Monetary Policy Post Keynesian macroeconomic theory Why bank capital matters for monetary policy Proceeding of the Conference on Monetary Policy in a Changing Financial Landscape Monetary Policy Transmission and Bank Deleveraging. The Future of Banking Summit COVID-19: ECB Pandemic Emergency Purchase Programme key points Public credit guarantees and SME finance On the money Earnings and income inequality in the EU during the crisis Credit Guarantee Schemes for SME lending in Central, Eastern and South-Eastern Europe Credit guarantee schemes for SME lending in Western Europe (No. 2017/42). EIF Working Paper Credit Guarantee Schemes for SME lending in Central, Eastern and South-Eastern Europe Minimum Income Policies in EU Member States Credit Guarantee Schemes for SME lending in Central, Eastern and South-Eastern Europe Imperfect information, uncertainty, and credit rationing Credit rationing in markets with imperfect information The coronavirus crisis is no 2008 Levy Economics Institute Working Paper No. 355 Rethinking the Role of State in Finance On the pros and cons of public sector intervention through social cards channels Is there a credit crunch in East Asia Digital Currencies, Decentralized Ledgers, and the Future of Central Banking The deposit channel of monetary policy U.S. consumer debt is now above levels hit during the 2008 financial crisis Average UK household debt now stands at record 15,400 The safety trap Central bank digital currency: financial system implications and control. Version of Retail payments and the real economy, Working Paper no. 1572, European Central Bank The Payment System. Payments, Securities and Derivatives, and the Role of the Eurosystem, European Central Bank Federal Reserve Bank of Philadelphia Working Papers WP 19-26. 26-28 How Does Monetary Policy Affect Your Community? Has the Financial Crisis Permanently Changed the Practice of Monetary Policy? Has it Changed the Theory of Monetary Policy? Un)conventional policy and the effective lower bound Evaluating Central Banks Tool Kit: Past, Present, and Future Quantitative Easing: An underappreciated Success Peterson institute for International Economics The Case for Central Bank Electronic Money and the Non-case for Central Bank Cryptocurrencies Assessing the Impact of Central Bank Digital Currency on Private Banks Staff Working Paper No 605 The macroeconomics of central bank issued digital currencies Speech to Singapore Fintech Festival as prepared for delivery Designing Central Bank Digital Currencies Blockchain Technology: Principles and Applications The Optimum Quantity of Money does-the-fed-have-left-part-3-helicopter-money/; see also Caballero Central Banking in a Digital Age: Stock-Taking and Preliminary Thoughts Bank of England Staff Working Paper No 724 Broadening narrow money: monetary policy with a central bank digital currency European Central Bank Working Paper Series 2351 Central Bank Digital Currencies: Motivations and Implications (2017) Bank of Canada Staff Discussion Paper Federal Reserve Bank of New York Economic Policy Review Bank of England Staff Working Paper No 724 Broadening narrow money: monetary policy with a central bank digital currency The e-krona and the macroeconomy How Could Central Bank Digital Currencies be Designed?" SUERF Policy Note Issue 129 Payments Are A-Changin but Cash Still Rules Negative Interest Rate PoliciesInitial Experiences and Assessments. IMF Policy Paper Systemic Banking Crises Revisited. IMF Working Paper 18 206 Federal Reserve Bank of Philadelphia Working Papers WP 19-26 Can Cryptocurrencies Preserve Privacy and Comply with Regulations? Payment, clearing andsettlement systems in the CPSS countries Payment, clearing andsettlement systems in the United Kingdom Blockchain Alternatives: The Right Tool for the Job Practical Byzantine Fault Tolerance XRP Fact Sheet Visa acceptance for retailers The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption Keys under doormats: mandating insecurity by requiring government access to all data and communications 115th Congress of the United States. H.R. 5823 French say 'Non, merci' to encryption backdoors Stealth Address and Key Management Techniques in Blockchain Systems Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing Confidential Transactions: How Hiding Transaction Amounts Increases Bitcoin Privacy How to Leak a Secret Blockchain and distributed ledger technologies -Privacy and personally identifiable information protection considerations Scalable, transparent, and post-quantum secure computational integrity BlockMaze: An Efficient Privacy-Preserving Account-Model Blockchain Based on zk-SNARKs Sapling PGP User's Guide The FATF Recommendations A Decentralised Digital Identity Architecture The technology of retail central bank digital currency International Monetary Fund FinTech Note 19/01 Technical solution for the e-krona pilot Central Banks and the Future of Digital Money Managing Risk Under the Blockchain Paradigm All icons and clipart images are available at publicdomainvectors.org, with the exception of the wallet icon We thank Professor Tomaso Aste for his continued support for our project. Geoff Goodell is also an associate of the Centre for Technology and Global Affairs at the University of Oxford. We acknowledge the support of the Centre for Blockchain Technologies at University College London and the European Commission for the FinTech project (H2020-ICT-2018-2 825215).