The regulated liability network on Corda

The ideas around CBDC design and architecture have developed rapidly over the past 2 years. The typical CBDC project is initiated by one or several central banks as they work their way through the design choices. One tool in this journey has been the R3 Sandbox for Digital Currencies, which allows participants to experience the outcomes of different design choices.

By contrast, the Regulated Liability Network (RLN) concept emerged from the regulated private sector in the summer of 2021. The team behind the initiative includes Citi, OCBC, Goldman Sachs, , BondeValue, Bank of America, Bank of New York, Payoneer, Paypal, Wells Fargo, SETL and Linklaters.

RLN tokens, issuance and payments

The proposal is that regulated institutions – including central banks, commercial banks, and e-money providers – tokenize their liabilities. These liabilities have one common characteristic: they are promises to pay the customer on demand at par value in national currency units. This characteristic means that the token would work with, rather than replace, existing legal instruments. RLN tokens are simply novel representations of existing deposits. We go into more detail about this design proposal below.

The objective of this short piece is to consider how RLN tokens would work within the structure of the R3 Sandbox for Digital Currencies. We first describe the proposed technical architecture of the RLN along with where it sits within the existing sandbox. We then look into the specifics of how issuance and payment operations would work were RLN tokens to be issued in a Corda environment.

1.   RLN architecture

The proposed architecture takes inspiration from the structure of TARGET in Europe. In that case, each national central bank writes its liabilities into a shared ledger. Taking this concept one step further, RLN would extend the ability to write to a shared ledger to commercial banks and regulated non-banks. The primary focus of the concept is that there should be a common settlement infrastructure for the regulated community.

Before we get into the technical features of the RLN proposal, a caveat. Because the proposal is technology neutral, it is open to a range of blockchain approaches. It could be a single DLT or multiple, interconnected DLTs. The blockchain could be public or private. It is also possible to imagine that the RLN could be architected without using DLT at all but a different kind of distributed, event-based infrastructure.

To begin, there are four foundational parameters in the RLN. These include:

  • Issuer: Only regulated entities can be an issuer of RLN tokens. These entities include central banks, regulated financial institutions or e-Money providers. Each issuer operates its own partition. Tokens in those partitions are claims on the issuer in the same way that normal accounts represent claims on the issuer.
  • Users: Wallets or Accounts will only be available to clients that have undergone KYC checks. This design feature is aimed at limiting the potential for financial crime on the network. It also means that RLN tokens will not be bearer instruments.
  • Payment flow: Transfers between participants are achieved by extinguishing liabilities on the sending side and creating liabilities on the receiving side. Payments are settled in central bank liabilities between the participants
  • Regulated Network Operator: It is anticipated that the RLN will be operated as a new, regulated FMI operated in accordance with the Principles for Financial Market Infrastructures

In Corda terms, these features mean that an RLN network would: use a token-based model, have identity-linked wallets/accounts, and move liability with the token. Figure 1 illustrates what this would look like with 2 commercial banks, 1 e-money provider and 1 central bank. Central banks still retain a special role in such a system in the same way as they do today.

Figure 1. Issuers and their activities in an RLN Corda framework

A reason this model is gaining attention is because it is aligned with the current state of the global financial system, which is a network of public and private balance sheets. This might provide less disruption to the financial system, should a CBDC be introduced by the central bank. RLN has the added benefit that it takes advantage of new technologies like blockchain to improve efficiency, security and reduces counter-party settlement risks of existing payments systems.

We’ll now dive into two of the key design considerations. These include: who is issuing the tokens, and what is the process of payments.

2.   Diversified token issuance

The first shift in the typical CBDC model is that a greater variety of issuers will exist. In the current R3 Sandbox for Digital Currencies, tokens are issued by central banks. This is a common way to model both wholesale and retail CBDC. In contrast, RLN tokens are issued by a variety of regulated institutions. These include not only central banks but also commercial banks, e-money issuers. This could be extended one step further to stablecoin issuers once (if) they achieve the status of regulated liabilities. RLN diversifies the number of issues because it contains both central bank money (like a normal CBDC) and commercial bank money and e-money from regulated non-banks.

The reason that multiple issuers is feasible in the existing Sandbox framework is because the proposed RLN incorporates multiple partitions, one for each regulated participant. Partitioning in programming refers to a logical division of a larger data set. In the same way each RLN partition belongs to a different regulated entity, all of whom contribute to the global population of regulated liabilities. The liabilities of each participant are recorded in their partition, which is their own territory as if they were recording liabilities on their own proprietary systems.

RLN then makes these liabilities fungible across the network through settlement in central bank money. That is the central bank partition serves to settle most liabilities in central bank tokens.

3.   Independent payment operations

Token issuance is the first step towards payment operations. In this section, we look at how payments would work in the RLN framework. In the current Sandbox for Digital Currencies, payments are accomplished in a single atomic transaction. This uses a cross-network implementation to ensure sub-network/partition sovereignty.

In contrast, RLN proposes three steps for payments. These are:

  1. Burning – tokens are burned in the sending partition. This represents extinguishing a liability of the sending party
  2. Minting – tokens are created in the receiving partition. This represents creating a liability of the receiving party
  3. Settlement – central bank tokens are the only form of settlement. The sending party settles with the receiving party through a token transfer in the central bank partition

Figure 2 considers how the current RTGS system (in blue) would change using RLN (in pink). The main difference is that RLN allows a modified RTGS setup with a greater number of actors issuing tokens. Section 3 on payment operations goes into some additional depth for this model.

Figure 2. RTGS today vs with RLN

Customer A of Bank 1 makes a payment to Customer B of Bank 2. Each Bank 1 and Bank 2 have their own independent, isolated network of their regulated liabilities on Corda and their Central bank has its own independent, isolated network of CBDCs.

Bank 1 initiates a burn of equivalent token liabilities, upon receiving the payment request and instructs Central bank to move equivalent CBDCs into Bank 2 ‘s vault in the Central bank sub-network/partition.

Bank 2 initiates a mint of equivalent token liabilities, upon receiving the CBDCs in its vault. The ownership of these minted tokens are then transferred to Customer B, in the Bank 2’s sub-network/partition.

The proposed RLN payments procedure is already supported by the R3 sandbox architecture. The reason is that Corda is built in such a way that transactions between two nodes are not visible to other nodes. Each node has its own subset of the ledger that only shows the transactions in which the node has participated.  In addition, there is a notary service which verifies that there is no double spending of liabilities (possible fraud) by one of the parties. This existing setup already meshes seamlessly with the RLN concept.

4.   Steps to building a new FMI

At this stage, the RLN is conceptual more than it is about testing technical feasibility of any given implementation. The building of a new FMI is a major undertaking that will require considerable time and resources to achieve.

Yet RLN is a worthwhile attempt by the industry to move forward in a coherent way. It recognizes that unregulated providers of digital money are not waiting to see what individual banks and central banks might do next.

If digital assets have the potential that we think they do, then the exploration of networks that combine new technology with the realities of sovereign money as a combination of public and private regulated liabilities is an interesting path to consider. Early indications are that RLN has captured the imagination of an influential cross section of policy makers and commercial operators – both banks and non-banks.

The future RLN roadmap may encompass not only the liabilities of regulated institutions but, also other forms of assets projected into their partitions on the network.  This would, in combination with global RTGS capability, provide next generation PVP and DVP capabilities on a 24*7, programmable network.