Central Bank Digital Currency Path Selection: Wholesale or Retail?
TechFlow Selected TechFlow Selected
Central Bank Digital Currency Path Selection: Wholesale or Retail?
Most central banks focus more on retail CBDCs. Currently, the People's Bank of China's DC/EP is leading globally in retail CBDC projects.
Navigating Web3 tides with focused insightsAuthor | Zou Chuanwei, Chief Economist, Wanxiang Blockchain
Central bank digital currencies (CBDCs) can be designed in various ways, one key question being whether a CBDC should be wholesale or retail.
Wholesale CBDCs are restricted to use between central banks and financial institutions and are not accessible to the general public. Retail CBDCs, also known as general-purpose CBDCs, are available for public use. Among major central banks’ CBDC initiatives, some prioritize retail designs—such as the People's Bank of China’s DC/EP—while others focus initially on wholesale models, including the Bank of Canada’s Jasper project, the Monetary Authority of Singapore’s Ubin project, and the Stella project jointly conducted by the Bank of Japan and the European Central Bank. According to a survey by the Bank for International Settlements (BIS) covering 66 central banks (representing 75% of the global population and 90% of global economic output), 15% are researching wholesale CBDCs, 32% are exploring retail CBDCs, and nearly half are studying both types simultaneously.
I believe that as consensus gradually forms around several core design issues, the most critical decision for any CBDC project will be whether to prioritize a wholesale or retail model. This choice will determine the target application scenarios, design and development roadmap, and rollout strategy of the CBDC.
1. Key Issues in CBDC Design
In any country, a CBDC is a systemic endeavor requiring careful consideration of multiple factors. The World Economic Forum (WEF) has discussed CBDC design across layers including problem definition, digital payment ecosystems, CBDC form, operational risk, financial inclusion, data protection, regulatory compliance, macroeconomic and financial risks, design elements, technology selection and associated risks, governance mechanisms, and implementation strategies. In my view, after more than six years of research and experimentation, consensus has begun to emerge on several fundamental issues.
A CBDC represents a digital liability of the central bank and constitutes a new form of legal tender. Since a CBDC is a liability of the central bank, it substitutes only base money—not broader forms such as commercial bank deposits or other monetary aggregates.
This leads to two implications.
First, base money consists of cash and reserve balances; a CBDC may substitute either. Substitution of cash corresponds to retail CBDC; substitution of reserve balances corresponds to wholesale CBDC.
Second, claims such as “CBDC replacing M2” are logically inconsistent. Certain liabilities issued by commercial banks (e.g., certificates of deposit, bonds) could be tokenized, but this is conceptually distinct from CBDC.
There are two modes of CBDC issuance.
First, demand-driven model. Commercial banks purchase CBDC from the central bank using reserve balances. For example, under the PBOC’s DC/EP framework, during issuance the PBOC deducts reserves from commercial banks and issues an equivalent amount of DC/EP; during redemption, the PBOC adds back reserves and cancels the corresponding DC/EP.
The demand-driven model offers two main advantages. First, commercial banks determine the volume and timing of CBDC issuance and redemption based on market demand, enabling better alignment with actual needs. Second, CBDC issuance and redemption do not affect the total quantity of base money, resulting in a neutral impact on monetary policy.
Second, supply-driven model. For instance, the central bank purchases bonds or foreign exchange from commercial banks using CBDC, or provides relending to commercial banks via CBDC. Under this model, the central bank controls the volume and pace of CBDC issuance and redemption, which directly alters the total base money supply. Among major central banks' CBDC projects, the demand-driven model dominates, and the principle of issuing CBDC “against 100% reserves” is widely followed.
In CBDC issuance and redemption, the central bank’s counterparty can be either commercial banks or the public. The former corresponds to a two-tier (or dual-layer) model: CBDC issuance and redemption occur between the central bank and commercial banks, while the public acquires and redeems CBDC through transactions with commercial banks. The latter corresponds to a single-tier model. A single-tier model imposes high technical requirements on the central bank’s CBDC system and significantly disrupts commercial banks’ business models. Therefore, major central banks generally adopt the two-tier model.
Two clarifications regarding the two-tier model: First, retail CBDCs typically follow the two-tier model. Even when CBDC usage is open to the public, individuals obtain CBDC indirectly through commercial banks rather than directly from the central bank. Second, a variant of the two-tier model is so-called synthetic CBDC, where digital currency is a liability of an issuer backed by its reserves held at the central bank.
A CBDC can adopt either a Token paradigm or an account-based paradigm. The account-based paradigm relies on centralized management, requires users to verify identity (“proving who you are”), and processes transactions hierarchically. The Token paradigm allows decentralized management, offers greater openness, requires users to prove knowledge of specific information (e.g., private keys), and enables peer-to-peer transactions. Most major central banks’ CBDC projects favor the Token paradigm, such as Jasper, Ubin, and Stella. China’s DC/EP also essentially belongs to the Token paradigm. Some projects, however, use the account-based model, including Iceland’s Rafkróna, the Bahamas’ Sand Dollar, and Ecuador’s Dinero Electrónico. Account-based CBDCs are typically retail-oriented. Wholesale CBDCs aim to replace reserve balances, which already exist in digital, account-based form, making the adoption of an account-based paradigm redundant.
Whether CBDCs should bear interest remains debated. Some scholars argue that if the goal is to replace cash, then CBDCs should not pay interest, just like physical cash. Others suggest that if CBDCs fully displace cash, CBDC interest rates could become a powerful monetary policy tool allowing direct transmission from the central bank to the public—particularly useful when nominal interest rates hit the zero lower bound, enabling negative interest rate policies.
Most major central banks’ CBDC projects lean toward non-interest-bearing designs, due to several reasons.
First, although cash incurs significant costs related to design, printing, distribution, retrieval, and anti-counterfeiting, and facilitates certain illegal activities, it does not require internet connectivity or technical expertise and hardware from users. Hence, most countries do not plan to fully phase out cash, limiting the need to use CBDC interest rates to overcome the zero lower bound.
Second, CBDC interest rates as a novel monetary policy instrument pose many unresolved theoretical and practical challenges and must be used cautiously.
Third, offline payment functionality in CBDCs complicates interest calculation.
Fourth, taxation of CBDC interest income would compromise user anonymity.
The above discussion covers areas where consensus is emerging in CBDC design. Overall, mainstream CBDC designs are converging toward core features: “M0 substitution, issuance against 100% reserves, adherence to the two-tier model, adoption of the Token paradigm, and non-interest-bearing.” The remaining key unresolved issue is whether to prioritize wholesale or retail models. It should be noted that retail CBDC includes a wholesale layer, but this layer applies only to issuance and redemption, not to applications in securities settlement or cross-border transfers.
2. Research Status on Retail CBDC
Retail CBDC has recently become a prominent academic topic. Auer and Böhme (2020) examined technologies relevant to retail CBDC, arguing that designs should meet user needs such as cash-like peer-to-peer payments, convenient real-time payments, resilient and robust operations, limited anonymity in legitimate transactions, universal accessibility, and cross-border usability. Auer and Böhme (2020) also categorized existing retail CBDC initiatives along dimensions including whether they represent direct central bank liabilities, use distributed ledger technology (DLT), adopt Token or account paradigms, and serve domestic or cross-border purposes.
Kiff et al. (2020) summarized findings from research on retail CBDC:
First, central banks primarily pursue retail CBDC to advance financial inclusion and maintain their relevance within the monetary system;
Second, central banks prefer to manage issuance themselves but often plan to outsource distribution and payment services to private-sector entities;
Third, some central banks use traditional centralized accounts, while others employ DLT;
Fourth, balancing privacy protection (user identity and transaction data) with financial integrity standards presents a major challenge.
Retail CBDC holds promise in combining the safety of cash with the convenience of peer-to-peer digital payments. The primary objective for central banks developing retail CBDC is to leverage the openness of CBDC systems to promote financial inclusion. The granular payment data generated by CBDC systems can support macroeconomic policymaking. Amid the COVID-19 pandemic, CBDCs could also serve as an efficient mechanism for governments to distribute relief payments directly to individuals.
The relationship between retail CBDC and cash usage is nuanced. On one hand, in countries with high cash usage, central banks seek to replace cash with CBDC to reduce associated costs and mitigate the risks posed by cash’s untraceability—such as money laundering, terrorist financing, and tax evasion. On the other hand, in countries with low cash usage, central banks aim to encourage the public to hold central bank money in digital form to enhance payment system security, efficiency, and resilience, and to counterbalance growing dominance by private payment providers that may undermine user privacy and fair competition.
Designing a retail CBDC involves addressing several key questions.
First, the impact of retail CBDC on financial stability and monetary policy. Retail CBDC may compete with bank deposits, leading the public to shift funds from deposits into CBDC. This could threaten deposit stability and banking intermediation, increasing the risk of bank runs. One mitigation approach is introducing frictions in the conversion process from deposits to CBDC. Retail CBDC effectively increases the public’s cash preference in digital form, reducing the money multiplier and creating a tightening effect on the money supply, which monetary policy would need to offset. Additionally, retail CBDC will have complex effects on the payments landscape.
Second, payment, clearing, and settlement arrangements for retail CBDC. Specifically, if retail CBDC payments are settled immediately by the central bank, this amounts to establishing a public-facing real-time gross settlement (RTGS) system, placing stringent demands on the security, efficiency, and cyber-resilience of the central bank’s CBDC infrastructure. Assigning full responsibility for clearing and settlement to the central bank may also discourage private-sector participation in promoting CBDC adoption. To address this, third-party custodians and payment service providers—operated by private-sector entities—could be introduced. This would allow for deferred net settlement in some contexts, easing pressure on the central bank’s system and incentivizing private-sector engagement.
Third, retail CBDC must balance openness and inclusivity, limited anonymity, and regulatory compliance. Retail CBDC systems are inherently open and can satisfy users’ needs for anonymity in lawful transactions, yet present new challenges for regulation. The PBOC’s DC/EP links wallet identification levels to transaction limits and employs big data analytics to detect suspicious flows, meeting anti-money laundering (AML), counter-terrorist financing (CFT), and anti-tax evasion (“3-anti”) requirements. This approach merits attention, though its effectiveness awaits results from internal closed pilot tests starting in April.
Fourth, how to engage the private sector in retail CBDC adoption. The central bank’s role in retail CBDC should focus on system design, infrastructure development, and standard setting. Deployment in retail environments should be led by the private sector, reflecting public-private collaboration and avoiding crowding out private initiative. However, a key question arises: What incentives do private players have? If incumbent payment providers benefit from the current system and perceive retail CBDC as a threat to their market position, why would they support it? Resolving this is challenging. On one hand, the private sector’s deep penetration into retail ecosystems—including user bases, online/offline merchant networks, and scenario integration capabilities—must be leveraged. On the other hand, incentive-compatible mechanisms must be established, ensuring value is appropriately shared with end users.
Fifth, how foreign individuals and institutions can hold and use retail CBDC. Retail CBDC is inherently suited for cross-border payments. In theory, foreign users could access retail CBDC wallets using the same procedures as domestic users. While retail CBDC can technically "cross" borders easily, its international expansion must respect other nations’ monetary sovereignty. One approach is to impose stricter holding limits on foreign users and regularly share data with foreign central banks about their residents’ holdings and usage of the CBDC.
It should be emphasized that both retail and wholesale CBDCs can improve cross-border payments, but with different emphases. Retail CBDC enables peer-to-peer cross-border payments. From a purely technical standpoint, within a retail CBDC system there is no distinction between domestic and foreign wallets or onshore, offshore, and cross-border transactions—but this places high demands on the central bank’s system architecture and technical capacity. Retail CBDC cross-border payments can operate entirely without relying on commercial banks. In contrast, wholesale CBDC retains the intermediary role of banks, primarily aiming to improve upon the current correspondent banking model.
3. Experimentation with Wholesale CBDC
Unlike retail CBDC, representative wholesale CBDC projects have undergone multiple rounds of testing with detailed disclosures. The Committee on Payments and Market Infrastructures (CPMI) has discussed theoretically the role of wholesale tokens in settlement, encompassing both wholesale CBDCs and tokenized securities. Progress reports from these projects reveal the phased core issues addressed by wholesale CBDC initiatives.
1. Can wholesale CBDC support real-time gross settlement (RTGS)? Can liquidity-saving mechanisms (LSMs) be implemented in a decentralized manner?
This concerns settlement methods in payment systems. RTGS settles payment instructions individually and in full. It is efficient and reduces credit risk among participants but demands higher liquidity. By contrast, DNS (deferred net settlement) nets payments before settling the balance, conserving liquidity but taking longer and carrying settlement risk. Hybrid models combine RTGS with LSMs, where payment systems use algorithms to net instructions before settlement. In virtually all countries, large-value payments use RTGS, typically operated and managed by central banks (e.g., China’s Large Value Transfer System).
Findings from representative wholesale CBDC trials show that wholesale CBDC can support RTGS, and LSMs can be implemented in a decentralized way (via smart contracts). For example, in Phase 2 of the Ubin project, R3 Corda, Hyperledger Fabric, and Quorum platforms successfully implemented key RTGS functions, along with queuing mechanisms and congestion solutions related to LSMs. All three platforms met financial infrastructure requirements in scalability, performance, and reliability, incorporating privacy protections. Similarly, in Phase 1 of the Stella project, a solution built on Hyperledger Fabric met the performance standards of RTGS systems, handling transaction volumes comparable to those of TARGET2 (Eurozone) and BOJ-NET (Japan), and demonstrated the feasibility of LSMs in a DLT environment.
2. Can wholesale CBDC support tokenized securities trading and enable delivery versus payment (DvP)?
After a securities trade, settlement involves transferring ownership of securities and funds according to agreement, comprising the delivery leg (securities transfer) and payment leg (funds transfer). A key risk is principal risk—the possibility that the seller delivers securities but fails to receive payment, or the buyer pays but does not receive the securities. Thus, post-trade processing emphasizes DvP: securities delivery occurs if and only if payment is made. There are three main DvP models: DvP1—both securities and funds settled gross and individually; DvP2—securities settled gross, funds settled net; DvP3—both settled net.
In this context, the payment leg uses wholesale CBDC, and the delivery leg uses tokenized securities. The logic of tokenized securities mirrors that of CBDC, changing from “issuance against 100% reserves” to “issuance against 100% securities backing.” This can shorten the securities custody chain and improve trading efficiency.
Two DvP scenarios arise here.
First, using the same DLT system for both legs, known as single-ledger DvP. In single-ledger DvP, both funds and securities are recorded on one ledger. After both parties confirm the transaction, an atomic settlement smart contract coordinates clearing and settlement, enabling simultaneous transfer of securities and funds.
Second, using two separate DLT systems for each leg, known as cross-ledger DvP. Cross-ledger DvP poses greater challenges and is a focal point of wholesale CBDC experiments, with multiple interoperability techniques available.
Phase 3 of the Ubin project tested cross-ledger DvP feasibility across multiple platforms (Quorum, Hyperledger Fabric, Ethereum, Anquan Blockchain, Chain Inc Blockchain), involving trades between tokenized Singapore government bonds and wholesale CBDC. Three prototypes were developed:
Prototype 1, designed by Anquan: wholesale CBDC on Quorum, tokenized securities on Anquan Blockchain.
Prototype 2, by Deloitte: wholesale CBDC on Ethereum, tokenized securities on Hyperledger Fabric.
Prototype 3, by Nasdaq: wholesale CBDC on Hyperledger Fabric, tokenized securities on Chain Inc Blockchain.
These prototypes demonstrate that multiple DLT platforms meet requirements for both wholesale CBDC and tokenized securities. Ubin Phase 3 used Hashed Time-Lock Contracts (HTLC) for cross-ledger DvP, finding that DLT shortens settlement cycles to T+1 or even 24/7 real-time settlement (compared to T+3 in Singapore’s current market), reducing counterparty and liquidity risks. However, HTLC-based cross-ledger DvP may fail to settle, making arbitration mechanisms crucial for resolving disputes. Moreover, HTLC locks assets during the settlement window, preventing their use in other transactions and potentially reducing market liquidity.
Stella Phase 2 tested both single-ledger and cross-ledger DvP. In single-ledger DvP, once parties agree on a transaction, payment and delivery obligations merge into one transaction processed via cryptographic signatures. Cross-ledger DvP used HTLC. Like Ubin, Stella found that HTLC may lead to settlement failure.
Therefore, wholesale CBDC can support tokenized securities trading and enable single-ledger DvP in a DLT environment, but HTLC-dependent cross-ledger DvP has inherent flaws.
3. Can wholesale CBDC support payment versus payment (PvP) in synchronized cross-border transfers?
The logic of applying wholesale CBDC to synchronized cross-border payments resembles its use in tokenized securities, except that the delivery leg now involves foreign exchange.
In Phase 4, the Ubin project partnered with Jasper to test synchronized cross-border payments. Singapore dollar CBDC ran on Quorum, Canadian dollar CBDC on R3 Corda. They evaluated three models. First, the intermediary model: an intermediary (typically a commercial bank) participates in both platforms. For example, after receiving SGD CBDC from a Singaporean payer on Quorum, the intermediary converts the amount internally and sends CAD CBDC to the recipient in Canada via R3 Corda. In the second model, both the paying bank in Singapore and the receiving bank in Canada participate in both platforms and transact directly. In the third model, a single DLT supports multiple CBDCs. Ubin and Jasper focused on testing the intermediary model using HTLC for synchronized cross-border payments. Results showed that payers and recipients can achieve synchronized cross-border (and cross-platform, cross-currency) payments without trusting the intermediary; HTLC proved reliable in most cases.
The Stella project’s Phase 3 also tested synchronized cross-border payments, focusing on the intermediary model, with participants including paying bank, receiving bank, and intermediary. Ledger types were not restricted, and five interoperability methods were tested: Trust Lines, On-Ledger Escrow with HTLC, Simple Payment Channels, Conditional Payment Channels with HTLC, and Third Party Escrow. The first four belong to Interledger Protocol’s HTLA. Findings indicated that On-Ledger Escrow, Third Party Escrow, and Conditional Payment Channels have enforceable mechanisms protecting compliant parties from principal loss. In terms of liquidity efficiency, rankings from highest to lowest were: Trust Lines, On-Ledger Escrow, Third Party Escrow, Simple Payment Channels, Conditional Payment Channels.
Thailand’s Project Inthanon also tested synchronized cross-border payments using a “corridor network” model. This involves “mapping” two currencies’ CBDCs onto a shared DLT (issuing CBDC vouchers on the corridor network backed 1:1 by CBDC reserves), enabling multi-CBDC support on a single ledger. Thus, cross-border transfers occur on a single book, avoiding cross-chain complexity.
Finally, it must be stressed that for wholesale CBDC applications—whether in tokenized securities or synchronized cross-border payments—whenever multiple DLT systems are involved, interoperability becomes central, and HTLC is a key but imperfect solution. HTLC is foundational for conditional payments in decentralized, trustless environments and is key to understanding programmability in digital currencies. Beyond cryptography, HTLC’s core lies in sequential game theory. Assuming rational behavior, all conditional payments under HTLC either complete fully or revert safely, making it atomic. However, if any participant acts irrationally (e.g., operational errors), HTLC fails. Thus, HTLC’s flaw lies not in technology, but in mechanism design.
4. Conclusion
After years of research and exploration, major central banks’ CBDC designs have converged toward core principles: “M0 substitution, issuance against 100% reserves, adherence to the two-tier model, adoption of the Token paradigm, and non-interest-bearing.” The key unresolved issue remains whether to prioritize wholesale or retail models. This choice will shape the CBDC’s target use cases, design trajectory, and deployment strategy.
According to BIS surveys, most central banks focus more on retail CBDC. However, because wholesale CBDC mainly involves central banks and commercial banks—it operates at the financial infrastructure level, targets well-defined use cases, and avoids complex monetary and financial implications—its experimentation has progressed faster than retail CBDC. Currently, the PBOC’s DC/EP leads globally among retail CBDC initiatives.
Findings from representative wholesale CBDC projects show consistent patterns. First, wholesale CBDC supports RTGS, and LSMs can be implemented decenteralized via smart contracts. Second, wholesale CBDC enables tokenized securities trading, supporting single-ledger DvP in DLT environments, though HTLC-based cross-ledger DvP has limitations. Third, the logic of applying wholesale CBDC to synchronized cross-border payments mirrors that of tokenized securities, with the delivery leg replaced by FX. The intermediary model dominates cross-chain approaches. Payers and recipients can achieve synchronized cross-border payments without trusting intermediaries. HTLC proves mostly reliable. Finally, beyond cryptography, HTLC’s essence lies in sequential game theory—the flaw of HTLC is not technological but stems from mechanism design.
Retail CBDC includes a wholesale layer, but this applies solely to issuance and redemption, not to applications in securities or cross-border payments. Retail CBDC promises cash-like safety and peer-to-peer convenience. The primary motivation for central banks is to harness CBDC’s openness to advance financial inclusion. The interplay between retail CBDC and cash usage is subtle: both high and low cash usage strengthen the case for retail CBDC. Key design considerations include: (1) impacts on financial stability and monetary policy; (2) payment and settlement arrangements; (3) balancing openness, limited anonymity, and compliance; (4) engaging the private sector in adoption; and (5) enabling foreign individuals and institutions to hold and use retail CBDC. None of these issues have universally accepted answers and warrant further study.
Regarding the path forward for CBDC, should the focus be on wholesale or retail? There may be no one-size-fits-all answer, but the diversity of paths allows different projects to complement and validate each other. As representative wholesale CBDC projects complete their trials, retail CBDC—with its deeper entanglement in complex monetary and financial dynamics—is poised to become the next frontier of research.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
