Towards a Digital Euro: What Does It Mean for the Safety of Europe?
The digitalization of the economy and the rapid spread of virtual currencies have created unprecedented opportunities for cross-border illicit activities. The most recent proposal of the European Central Bank for the development of a central bank digital currency is no exception. Known as a digital euro, the project is envisioned to differ from crypto-assets and stable coins in its centralized oversight and control of digital transactions. Hence, by allowing a central banking authority to monitor and verify online transactions, a digital euro could facilitate the fight against organized crime in the EU. Yet, the currently proposed design possibilities of a digital euro reveal vulnerabilities to compliance with anti-money laundering and counter-terrorist financing regulations, as well as pose a significant threat to the safety of children in the digital space.
The Inevitable Rise of CBDCs
In July 2021, the European Central Bank (ECB) launched an investigation phase of a digital euro project. The investigation is set to last 24 months and will examine key challenges and opportunities for the design and distribution of a digital version of the euro. A digital euro would potentially reach a population of 340 million people if adopted by all of the 19 nations currently part of the Eurozone.
The digital euro is envisioned as a central bank digital currency (CBDC) and its aim is to combine the efficiency of electronic payment with the safety of central bank money. ECB’s decision has come at a time of an unprecedented rise of cryptocurrencies, digital currencies backed by private tech giants (such as Facebook’s Diem project) and heightened geopolitical pressure for the EU to keep up with technological developments, given that China is already testing its digital yuan.
On the one hand, the digitalization of the European economy could make payments faster and more accessible, as well as support the strategic autonomy of the European Union. On the other hand, digital banknotes come with a plethora of risks associated with the safety and security of citizens.
A Digital Euro and the European Security Union Strategy
The pseudo-anonymity of cryptocurrencies has been widely used by malicious actors to launder the proceeds of criminal offences and engage in digital transactions on the basis of privacy and–to a certain degree–untraceability. By using the blockchain technology underpinning cryptocurrency transactions, however, law enforcement has been able to trace illicit activities and dismantle criminal networks. Hence revealing the potential benefits stemming from the use of digital money in the fight against crime.
Likewise, if designed properly, a digital euro could enhance anti-money laundering (AML) and counter-terrorist financing (CTF) efforts through the use of blockchain or other types of distributed ledger technology (DLT). In December last year, the EU presented its first progress report on a new Security Union Strategy from 2020 to 2025, which recognizes the changing threat landscape and the need for innovative approaches to tackling cybercrime, with online child sexual abuse being of increased concern.
Security Concerns over Design Possibilities
In juggling the demands of ensuring privacy and providing transparency when designing a digital euro, the ECB is likely to face obstacles to complying with AML and CTF regulations without jeopardizing the privacy of its users. A Report on a digital euro, published in October 2020, acknowledges that CBDCs might easily facilitate illicit activities if not controlled sufficiently.
Thus far, complete anonymity has been ruled out by the ECB. At present, the Central Bank is considering two approaches for the back-end infrastructure of a digital euro: a centralized and decentralized one. In a centralized infrastructure, digital transactions are recorded in the Eurosystem’s ledger and supervised intermediaries are responsible for recording the transactions. Such design, however, would require the processing of high volumes of payments without having the necessary infrastructure in place, which could create vulnerabilities to cyber-attacks and IT system failures. A centralized infrastructure also renders ECB incapable of adhering to AML and CTF requirements, since the divergence of national regulations and EU jurisdictions would hamper KYC processes performed by supervised third parties.
In a decentralized model, which is currently being discussed by the ECB, the end-user, or supervised third parties acting on their behalf, would be responsible for the verification of payments. Similar to cryptocurrencies, a DLT would allow end-users to transfer holdings without the presence of a third party through the use of biometric authentication, such as fingerprint and iris recognition. To circumvent a potential infringement on privacy, an alternative model is considered where the private sector would play an active role in the settlement of transactions, including ensuring adherence to AML and CTF regulations.
Yet, the risk of such a scenario lies in the potential involvement of inexperienced intermediaries in digital transactions, which is likely to create gaps and facilitate illicit activities. In March 2020, the Bank of England raised concerns over the potential lack of third parties’ expertise involved in CBDCs. According to financial crime analysts, “new players, many with immature or non-existent Financial Crimes Compliance experience, may become the gatekeepers – providing a weakness for criminals and money launderers to exploit”.
Child Sexual Abuse Material
An area of particular concern is the production, distribution and consumption of online child sexual abuse material (CSAM) in Europe. In recent years, the EU has become the largest host of child sexual abuse material globally – 2/3 of the total 17 million materials identified in 2019 were detected on the territory of Europe. Depending on its design, a digital euro could have a profound impact on the availability and dissemination of such material.
To prevent illicit activities, such as large-scale money laundering, the ECB has proposed a threshold of 3,000 € for an individual account. Albeit effective in the realm of AML, this regulation will do little to prevent crimes against children, which are oftentimes driven by sexual gratification rather than financial gains. In fact, a study by Chainalysis revealed that most cryptocurrency payments to CSAM providers fall within the range of $ 10 to $ 50, indicating a pattern of frequent transactions in small amounts. As of April 2020, nearly all CSAM transfers in cryptocurrencies amounted to roughly $15, pointing to the fact that regulating large-scale transactions will unlikely keep online predators at bay.
Another risk is the use of an offline payment system which would allow users to remain fully anonymous, as is currently the case with cash. Offline digital transactions would be executed by means of specific user devices like smartcards. Yet, details on the security features of such devices have not been specified at the time of writing. Given that most CSAM payments occur during nighttime hours, the possibility of an offline digital payment method might become an attractive alternative to cryptocurrency transactions, since it would allow criminals to circumvent what could otherwise be an indicator of suspicious online behaviour.
The ECB has warned that the process of issuing a digital euro might take up to five years with a potential rolling out planned for 2026. This will likely coincide with the development of a new European Security Union Strategy, which would allow for the strategic inclusion of a digital euro as an instrument to protect citizens and combat illicit activities. If implemented effectively, the short-term challenges listed above could potentially transform into long-term opportunities for the continuously evolving European security landscape.
