Introduction
On 25 October 2021, Nigeria became the second country in the world after the Bahamas, and the first in Africa, to launch a central bank digital currency (CBDC). Launched with the tag line “Same Naira. More possibilities”,Footnote 1 the Central Bank of Nigeria (CBN) publicized the eNaira as having the capability to deepen financial inclusion, reduce the cost of cash and financial transactions, and support a resilient and more efficient payment system. This article identifies the significant challenges that make the eNaira unacceptable and potentially ineffective. First, its status as legal tender is questionable. Secondly, it undermines privacy, a critical component of physical cash. Thirdly, the eNaira cannot be widely accepted by individuals and entities across Nigeria. The eNaira is the digital form of the Naira, a direct liability of the CBN, and legal tender that will form part of the currency in circulation at par with the physical Naira.Footnote 2 It is designed as an account-based general-purpose retail CBDC offered to both wholesale and retail counter-parties.Footnote 3 It operates a hybrid or two-tiered architecture that allows the CBN to issue the eNaira, manage e-wallets and maintain a central ledger of all transactions, while leveraging existing financial institutions to engage directly with users for its distribution, payment facilitation and dispute resolution.Footnote 4 The wallet is a five-layered wallet system consisting of the stock, treasury, sub-treasury, merchant speed and (individual) speed wallets.Footnote 5 The specific policy objectives of the eNaira include improving the availability and usability of central bank money, payment efficiency and reducing the cost of cash. It also aims to facilitate direct welfare disbursements to citizens, increase revenue and tax collection, facilitate diaspora remittances and drive financial inclusion.Footnote 6 The CBN identified “inclusion” as a key design principle to facilitating and enabling access to financial services in Nigeria,Footnote 7 where only 45 per cent of the adult population (of 106 million) have bank accounts.Footnote 8 Despite this promise, the eNaira has had about 700,000 downloads almost one year after its launch.Footnote 9 Indeed, while CBDCs are expected to offer the unbanked a safe place for their savings and the availability of micro-payment that increases access to credit, the eNaira highlights one of CBDCs’ greatest fears: the risk that it will not be accepted.
This article examines the status of the eNaira as legal tender, its threat to privacy of payments and transactions, and its non-inclusive design as critical challenges that may affect its effectiveness and acceptability. First, the article provides some background on CBDCs. It examines definitions and motivations for CBDCs by the CBN and other central banks. It argues that, despite touting other advantages of a CBDC, the CBN's motivation for the eNaira is the growing interest in cryptocurrencies (cryptos) in Nigeria. In the hurry to counter the perceived risks of cryptos, however, the CBN skipped best practices and undermined the legitimacy and acceptability of the eNaira. The article then analyses the critical questions around the legal tender status of the eNaira. It argues that the CBN creates uncertainty and undermines the eNaira by designating it legal tender without express legislative authority. While status as legal tender is not fundamental to the acceptability of all forms of money, it is an integral aspect of fiat currency and critical to its mandatory acceptance. In the next section, the article examines privacy concerns around CBDCs and the extent to which the eNaira addresses them. It argues that, since CBDCs cannot guarantee complete anonymity, the correct approach is to have a robust data governance regime, including data protection and cybersecurity frameworks. The section demonstrates that, while this approach places new consumer-facing obligations on the CBN, it has done very little to allay the fears of surveillance and misuse of personal data associated with CBDCs generally and the eNaira specifically. As the article argues, the CBN misapprehends the meaning and scope of informed consent to data processing, allows monitoring and tracking of users, and fails to protect children and other vulnerable groups. Furthermore, it disregards the provisions of the Nigerian Data Protection Regulations, thus increasing the likelihood of non-compliance by other stakeholders (such as private banks and other payment service providers) within the CBDC's ecosystem. The article then highlights the gaps between the design of the eNaira and policy objectives such as financial inclusion. It argues that the eNaira is unlikely to improve financial inclusion significantly, even though Nigeria has one of the highest financial exclusion rates in the world. Instead, its lack of offline capabilities and additional cost of access are intrinsically exclusive of people with technological and other social disadvantages. The article draws on the evolving literature on CBDCs, including academic and policy papers, technical research by central banks and international financial institutions, as well as legislative and regulatory proposals by law and policy makers. It concludes with recommendations for (re)designing the eNaira based on best practices identified throughout the article.
CBDCs / eNaira: Definitions and motivations
The CBN did not define the eNaira, beyond stating that it is the digital form of the Naira.Footnote 10 This is not critical; the CBDC is not a well-defined concept and it is difficult to find a definition that captures all its elements. Nonetheless, the generic concept of a CBDC covers a nationalist and monetary sovereignty approach by central banks, and central banks expect their CBDCs to mimic the practical and functional aspects of fiat currency.Footnote 11 Therefore, the essential characteristics of a CBDC include its issue as sovereign currency by a centralized monetary or governmental authority, such as a central bank, and probably its designation as legal tender. Like cash, it is a central bank liability, denominated in an existing unit of account, which serves both as a medium of exchange and a store of value. It does not entail any credit risk for payment system participants and eliminates residual risks of liquidity, insolvency or payment outages, suffered by intermediaries in the payment system.Footnote 12 A CBDC is also intrinsically valuable. It is not backed by deposit insurance schemes or an underlying asset pool to sustain its value. It must, however, not be confused with balances in traditional reserve or settlement accounts, which are private monies that mainly take the form of deposits in commercial banks and are claims on commercial banks held by the public. In contrast to these private forms of money, a CBDC bypasses the balance sheet of an intermediary to settle transactions directly in central bank money, on the central bank's balance sheet and in real time.Footnote 13
The CBN further describes the eNaira as an account-based, general-purpose CBDC offered to retail counterparties, thus highlighting the distinctions between retail (general purpose) and wholesale CBDCs, and account and token-based systems. Wholesale CBDCs are offered to existing account holders and participants in the real time gross settlement payment system and are, thus, not new forms of money.Footnote 14 A retail CBDC is offered directly to the public by central banks. Its significance lies in the fact that it potentially invites the whole population to operate an account with the central bank, records payments in the same way as transactions with money in private bank accounts,Footnote 15 and necessitates record keeping and identification tied to a digital identity system, such as the biometric verification number (BVN)Footnote 16 and national identification numberFootnote 17 in the case of the eNaira. The question here, which can be dealt with summarily, is whether by offering eNaira to the public, for example through its eNaira platform, the CBN thereby constitutes itself as a retail bank in contravention of its mandate to act as a bankers’ bank and a banker to the government and its agencies.Footnote 18
It is fairly settled that central banks already offer account-based wholesale central bank money, which is held as reserves and banknotes.Footnote 19 Like reserves (held in electronic form), wholesale CBDCs are available to select financial institutions. This is in line with the role of central banks to operate interbank payment systems, ostensibly involving banks. However, a retail CBDC is different. It entails the central banks offering account opening services to all agents in the economy. On a strict interpretation of the law, the CBN is probably unable to offer retail eNaira because it can only act as banker to the federal government and other banks.Footnote 20 A more liberal reading may, however, offer some respite. The law also permits the CBN, wherever necessary, to cooperate with other banks in Nigeria to promote and maintain an adequate and reasonable financial service for the public.Footnote 21 Thus, it can be argued that, since the eNaira is a liability of the CBN, adopting the intermediated system (allowing the CBN to use authentication and identity management frameworks offered by existing players to provide financial services to the public)Footnote 22 is leveraging or cooperating with private sector actors (such as commercial banks and regulated non-banks) to facilitate the management of the eNaira holding and payments. What remains to be seen is whether the courts would be willing to cast the scope of this provision so widely if the CBN is challenged on the grounds that it has no mandate to issue a retail CBDC.
While account based CBDCs are like private money in that they depend on account ownership but with central banks, token-based CBDCs mimic cash. They rely on a cryptographic technique called blind signature, which enables the central banks to sign them digitally and derive their value from the central bank's signature on the CBDC's public key system.Footnote 23 The ability of the payee to verify the authenticity of the token is critical to trust in the system. Based on their cash-like features, token-based CBDCs have been categorized as e-money in the strict sense. It was argued that this status gives them anonymity and makes them less invasive to privacy than an account-based CBDC.Footnote 24 It is, however, important not to overstate the privacy implications of token and account-based retail CBDCs. According to the Bank of England, while it is the nature of cash to be anonymous, central banks have no specific mandate to provide untraceable or anonymous payment methods and will not do so because they can breach regulatory anti-money laundering (AML) and combatting the financing of terrorism (CFT) requirements.Footnote 25 Moreover, from technical and operational perspectives, neither CBDC could completely replicate cash-like transfers; both require a ledger and means to identify the users, and neither would support a system where payments can be made without reference to any third party or intermediary.Footnote 26 Account-based systems are linked to account holders, who must authorize payment. Token-based CBDCs need to be linked to a register to avoid the risk of “double spending”.Footnote 27 As the bank further notes, the difference between the two systems is not so much that one protects privacy more than the other. Rather, the core difference relates to the underlying data structure and the related process for moving funds. In any case, both systems can be configured with various identity solutions, ranging from fully anonymous to pseudonymous and fully transparent, identifiable solutions.Footnote 28 As argued below, privacy protection also depends on a range of factors, including data protection laws and governance frameworks, as well as the level of compliance by central banks and other players within the CBDC ecosystem.
Regarding motivations, a simple explanation often offered for the growing interest of central banks in CBDCs is the need to respond to the rapid shift towards digital payments and sustaining trust in central bank money and the economy. While consumers tend to have an array of choice of private digital money, only central bank money has value that is intrinsically guaranteed. Central banks therefore have an obligation to ensure the availability and accessibility of central bank money in the digital form, because it is the safest form of money in the economy and private issuers rely on the convertibility of their money to central bank money. CBDCs thus safeguard the role of sovereign money as a public good that central banks have managed for centuries.Footnote 29 Central banks also see CBDCs as instruments to increase the efficiency of settlement and clearing services, and extend central bank monetary toolkits, such as encouraging spending during an economic downturn and even increasing tax revenue.Footnote 30 They are considered a good substitute in countries where cash use is declining,Footnote 31 while countries with unstable currencies and weak fundamentals see the CBDC as a tool to counter the risk of currency substitution by CBDCs issued by larger economies.Footnote 32 Surveys have consistently suggested that financial inclusion and enhancing payments remain key motivations for many central banks.Footnote 33
While they are sound, it is doubtful whether these objectives are the only reasons driving central banks’ interest in CBDCs.Footnote 34 One other suspect is the growing interest in cryptos.Footnote 35 Although one survey suggests that, globally, only a handful of central banks responded that concern about cryptos or other private digital tokens was motivating their work on CBDCs, there is some evidence to the contrary, at least in Nigeria. Nigeria has one of the highest numbers of cryptocurrency users in the world,Footnote 36 thus prompting fears that cryptos will become widely accepted or even replace the fiat currency. In a circular addressed to deposit money banks, non-bank financial institutions and other financial institutions in February 2021, the CBN reminded regulated institutions that dealing in cryptos or facilitating payments for crypto exchanges is prohibited; the institutions were also directed to identify persons or entities transacting or operating crypto exchanges within their systems and ensure that such accounts be closed immediately.Footnote 37 In further justification of its position, the CBN underlined the threats posed to the national currency, arguing that the issue of cryptos by unlicensed entities is in direct contravention of the law mandating the CBN as the issuer of legal tender in Nigeria.Footnote 38
The ban on or restriction of crypto transactions and exchanges is not so much the problem. Indeed, the risks of cryptos are well documented.Footnote 39 They are speculative assets that cannot perform the core functions of money because of their high volatility. They are issued by entities outside the traditional monetary system of central banks, commercial banks and licensed financial intermediaries, and are denominated in a novel unit of account rather than a fiat monetary unit.Footnote 40 They can thus precipitate inaccessibility or unavailability of state-backed money or means of payment, lead to disintermediation in the financial sector, and undermine the ability of central banks to oversee the safety and efficiency of payment systems and monetary policy. Invariably, cryptos touch the core of central banks’ mandate to issue sovereign money. The European Parliament categorized them as a “political agenda underpinned by a libertarian philosophy that is antagonistic towards central banking”.Footnote 41 It argued that, while cryptos harbour technological innovations (such as blockchain) that may be beneficial to the broader economy and monetary system, they also promote the libertarian rhetoric rejecting central regulation and tie into an ideology in which human institutions (such as governments and central banks) “are to be replaced by deterministic technological processes that provide a neutral and self-sustaining framework for individual flourishing”.Footnote 42 Cryptos allegedly aid criminality and have been linked to obfuscation of complex money laundering schemes, for-profit child sexual abuse materials, and fraud and extortion schemes.Footnote 43 The aim of central banks, including perhaps the CBN, is to use CBDCs to counter the negative impacts of cryptos while also leveraging their adaptable distributed ledger technology (DLT) technology to enhance competitiveness in the financial market and promote financial inclusion. The French central bank (Banque de France) admitted that issuing (retail) CBDCs may stem the growth of crypto assets and the numerous risks, such as high volatility, and elevated operational and liquidity risks, that they pose.Footnote 44 According to the UK House of Lords, many developed countries are contemplating CBDCs to counter the risk of big tech accruing excessive market power through issuing digital currencies to users on their vast networks.Footnote 45
Rather than the ban on cryptos, therefore, it is the haste with which the CBN launched the eNaira that forces the conclusion that its main motivation might have been the fear of cryptos. When the CBN launched the eNaira shortly after its ban on cryptos (in October 2021), it also ostensibly skipped recommended best practices for introducing CBDCs. Such best practices aggregated from the literature include following extensive research, public consultation, testing, and pilot phases to evaluate the risks, usability and acceptability of the CBDC and threats to extant regulation.Footnote 46 Conversely, while the CBN claimed to have started the CBDC journey in 2017 with extensive study, consultations, identification of use cases and the testing of the CBDC concept in a Sandbox environment, it published no reports beyond the eNaira Design Paper and eNaira Guidelines released contemporaneously with the eNaira. There were also no reports on the experimentation or trial or pilot phases of the eNaira to demonstrate an evaluation of the risks and benefits. Central banks have remained justifiably cautious of CBDCs because they carry huge financial stability risks; they could create substitution and disintermediation risks and increase the security, regulatory and operational risks of central banks.Footnote 47 Unlike private banks, central bank money is both a risk-free asset and means of payment; central banks cannot go bankrupt and can always meet their obligations in the national currency as they have unlimited capacity to create new money.Footnote 48 Thus, CBDCs could cause disintermediation and pitch central banks in direct competition with commercial banks. Citizens could pull too much money out of commercial banks to purchase CBDCs, triggering a run on the banks. CBDCs can also increase the risk of currency substitution, especially for countries with volatile exchange rates and low confidence and trust in the national currency. They can create reputational and cybersecurity risks for central banks who may have to play more active roles in the payment chain, such as interfacing with customers and providing consumer-facing services and protection, including the protection of privacy.Footnote 49 The next section of this article demonstrates Nigeria's unpreparedness in the context of extant laws. It analyses the application and limitations of Nigeria's Central Bank Act 2007 (CBN Act) to the eNaira, focussing on the legal and practical effects of its legal tender status on its mandatory acceptance.
Is the eNaira legal tender?
The CBN anchored its issue of the eNaira on the general provisions contained in its enabling law, the CBN Act, and referred to the eNaira specifically as legal tender money. As stated in the eNaira Guidelines, the bank acted in furtherance of its mandate to issue legal tender currency, ensure financial system stability and promote the development of e-payment systems.Footnote 50 As the sole authority for issuing the eNaira, the CBN manages the central ledger of all transactions and opens individual “wallet” accounts for members of the public. The critical question here is whether there is a legal basis for designating the eNaira as legal tender.
One of the principal objects of the CBN is to issue legal tender currency in Nigeria.Footnote 51 The law does not, however, limit the types of currency that the CBN may issue, as it confers on the bank the monopoly to issue the Naira or other token that may represent legal tender.Footnote 52 The caveat is that the bank must prescribe the circumstances and conditions under which other currencies may be used as medium of exchange in Nigeria.Footnote 53 While these provisions seem to allow the CBN to issue eNaira, and designate it as legal tender, the issue is not easily settled. One argument is that designating any form of money as legal tender must be backed or authorized by legislation, as national currency is an expression of monetary sovereignty, which denotes the ability of states to issue and regulate their own currency.Footnote 54 In practice, a state delegates this power to its central bank when it confers on it the power to issue legal tender to the exclusion of other authorities or agencies. Therefore, the power to issue legal tender does not reside intrinsically in central banks. By the same logic, the right to determine and change the form or value of the currency also resides with the state. The Nigerian Constitution supports this proposition. It confers the power to make laws with respect to currency, coinage and legal tender on the National Assembly, being a matter falling under the exclusive legislative list.Footnote 55 In effect, the decision to designate the eNaira as legal tender cannot be taken unilaterally by the CBN via a policy document, such as the eNaira Design Paper.Footnote 56 It will require legislative input either in the form of an amendment to the CBN Act or new legislation.
Another argument is that the CBN cannot enforce the legal consequences of legal tender with respect to the eNaira, thereby minimizing its de facto legal tender status. The eNaira must work like banknotes in the sense that it must be generally accepted or received and, in particular, it cannot be lawfully refused. It is an offence to refuse to accept the (physical) Naira and any person convicted is liable to a fine of NGN 50,000 or 6 months’ imprisonment.Footnote 57 The suggestion here is that legal tender status comes with mandatory acceptance. However, the eNaira is dependent on technical aids, meaning that users need access to devices such as telephones, payment terminals, data and electricity when making payments. Therefore, those with technical constraints, such as people (or businesses) who do not own mobile devices, payment terminals or data, cannot accept or receive the eNaira. In this case, it is not only unreasonable to oblige a creditor to accept the eNaira for payment (as a consequence of it being legal tender), but also illegitimate, inequitable and exclusionary.Footnote 58
Furthermore, as the law did not appear to envisage the issue of legal tender in forms other than the physical, its application to digital money is in doubt. For example, section 20 of the CBN Act provides that the “currency notes and coins” issued by the CBN shall be legal tender in Nigeria at their face value for the payment of any amount. Applying the rules of interpretation, “currency notes” literally means physical notes. In section 17, the CBN Act explicitly mentions banknotes and coins and refers to a divisible (Naira) currency.Footnote 59 In contrast, a CBDC cannot be divided, but must be destroyed and replacements issued.Footnote 60 The law also makes provisions relating to printing and minting of banknotes and coins, and not “mining”, which is applicable to digital currencies.Footnote 61 Offences under the act presumably anticipate banknotes and coins as legal tender and are inapplicable to digital currency, which lacks a physical form. While it is an offence to falsify or counterfeit a bank note or coin issued by the CBN,Footnote 62 it is technically impossible to counterfeit digital currency, which must be protected against the risk of double-spending.Footnote 63 Also, a note or coin is tampered with when it is impaired, diminished or lightened other than by fair wear and tear, or has been defaced by stumping, engraving, mutilating, piercing, stapling, writing, tearing, soiling, squeezing or any other form of deliberate and wilful abuse, whether or not the coin or note has been thereby diminished or lightened.Footnote 64 Spraying of, dancing or matching on, hawking, selling or otherwise trading in Naira are abusiveFootnote 65 and defacing the (physical) Naira is punishable by law.Footnote 66 All these offences are inapplicable to digital currencies.
The courts may also struggle to recognize and enforce a CBDC as fiat money. In Skatteverket v David Hedqvist,Footnote 67 the Court of Justice of the European Union had to decide whether the exchange of virtual currencies for traditional currency and vice versa, effected for consideration, is tax exempt under article 135(1) of the VAT Directive 2006. The exemptions laid down in article 135(1)(e) of the directive provide that member states are to exempt transactions involving, inter alia, “currency [and] bank notes and coins used as legal tender”.Footnote 68 The court accepted that “bitcoin” (the virtual currency in issue) qualifies as a financial transaction and falls within the scope of the exemptions in article 135(1)(e), being a non-traditional currency or currency other than those that are legal tender in one or more countries, in so far as they have been accepted by the parties to a transaction as an alternative to legal tender and have no purpose other than to be a means of payment.Footnote 69 However, it declined to extend the exemptions in article 135(1)(d) and (f) of the directive to the transactions. It held, for instance, that, being a contractual means of payment, “bitcoin” cannot be regarded as a current account or a deposit account, a payment or a transfer under article 135(1)(d).Footnote 70 Unlike a debt, cheques and other negotiable instruments referred to in the article, the “bitcoin” virtual currency is a direct means of payment between the operators that accept it.Footnote 71 Article 135(1)(f) of the directive covers, inter alia, transactions in shares, interests in companies or associations, debentures and other securities.Footnote 72 The reasoning of the court is that the exemptions laid down by article 135(1)(e) of the VAT Directive are intended to alleviate the difficulties connected with determining the taxable amount and the amount of VAT deductible, which arise in the context of the taxation of financial transactions. It therefore follows from the context and the aims of article 135(1)(e) that to interpret that provision as including only transactions involving traditional currencies would deprive it of part of its effect.Footnote 73 However, as an indication that the court struggled with this distinction, it omitted to give an explanation why the exemptions in articles 135(1)(d) and (f) do not apply.
A practical consequence of a weak legal tender status is the inability of the eNaira to generate network effects needed to make it successful. Markets exhibit network effects or network externalities where the value of membership to one user is positively affected when another user joins and enlarges the network.Footnote 74 The effect is to make acceptance and convenience of payment instruments dependent on the number of users. For different forms of money, including cash, deposits and arguably CBDCs, network effects imply that a critical mass is needed to sustain their use. To be successful, more people (consumers and merchants) must be willing to use them. However, unlike other forms of payment that rely solely on market forces, statute has traditionally mandated national currencies as legal tender money, operating in effect as the major incentive for its acceptance. Therefore, a questionable legal mandate and inability to enforce mandatory use are unlikely to help generate the network effects for the eNaira as digital fiat currency.
Given the context in which the eNaira was introduced, therefore,Footnote 75 it is doubtful whether the CBN fully considered and prioritized the clarification of its mandate. The authoritative policy document, the eNaira Design Paper, only made a general reference to the powers and objectives of the CBN without analysing the implications, limits and interpretive challenges of these powers in the context of the eNaira. The Bank of International Settlements sets three foundational principles against which countries may assess their CBDCs. The first is to do no harm to wider policy objectives, the second is to ensure co-existence and complementarity of public and private forms of money, and the third is to promote innovation and efficiency. Meeting these principles requires a CBDC to have certain core features covering the instrument, underlying system and broader institutional framework in which it exists. One of the two core institutional features is a clear and robust legal framework, which means that a central bank should have clear authority underpinning its issue of a CBDC.Footnote 76 Accordingly, the Sveriges Riksbank noted that, while the concept of legal tender should be technically neutral so that it fulfils a function even in a digital future, and its preliminary assessment shows that an e-krona (the proposed Swedish CBDC) could be compatible with the Riksbank's statutory assignment of promoting a safe and efficient payment system, the bank will nevertheless propose an amendment to the law if it decides to issue the e-krona.Footnote 77 In the UK, the House of Lords opined that, if issued by the Bank of England, a CBDC will probably require some legislative reform. While there are issues, such as what privacy applies to it, existing legislation and definitions would also have to change. The Bank of England governor cautioned that the framework around a CBDC would need some legislative change, regardless of the bank's authority to issue it.Footnote 78 Jerome Powell, the chair of the US Federal Reserve, reportedly noted that the power of the Federal Reserve to issue the e-dollar should ideally come in the form of an authorizing law, rather than the bank trying to interpret the existing law to enable this. Heralding a new era of public money, the e-dollar would require public approval.Footnote 79 The Bank of Jamaica will roll out its CBDC, the Jam-dex, based on the authority given by the country's Senate through the passage of the Bank of Jamaica (Amendment) Act 2022.Footnote 80 The proposition here is that, while a central bank's mandate may cover the issuing of a CBDC, the question of whether it should be legal tender should ultimately be left for legislators.
However, not all authorities support this position (that the CBDC needs legal reform to operate as fiat money). Geva et alFootnote 81 argue that no new power is required for digital banknotes, as laws have historically been flexible to accommodate innovations in money. Accordingly, “the market creates, modifies, and recreates the concept of money … The law simply recognizes and changes, often ex post facto”.Footnote 82 The authors conclude that, even for CBDCs, constitutional powers should be interpreted in the spirit of promoting new developments (in money) and harnessing them to protect the public.Footnote 83 The main advantage of this approach is that it diminishes the impact of political interference in a central bank's decision-making, particularly in jurisdictions where constitutional or treaty amendment is needed to confer new powers on the central bank.Footnote 84 While the arguments here are sound, particularly from a public interest perspective, they raise additional questions about oversight and independence. First, it seems reasonable to allow the law to catch up with the invention of money only when the invention is by the market and the money is created privately but later given the status of sovereign money. It is more problematic when central banks as market regulators are also participating as innovators or creators of the digital money, as in the case of a CBDC. In such cases, the lines between market regulators and market players blur and competition may be negatively impacted.Footnote 85 Secondly, permitting central banks unilaterally to determine what constitutes fiat or legal tender money could lead to steep abuses of power and shield them from oversight and accountability for their policy and decision-making, particularly in fragile democracies like Nigeria. For example, the CBN has repeatedly ignored invitations to appear before the Nigerian National Assembly to explain some of its policies and disobeyed court orders, ostensibly with the support of the executive.Footnote 86 Surely in these circumstances a liberal interpretation suggesting that the CBN could dispense with legislative oversight in the designation of legal tender money must be avoided.
Privacy and data protection
Privacy is perhaps one of the most important policy considerations for a CBDC. As fiat money in digital form, CBDCs are expected to offer privacy and anonymity like cash. A public consultation launched by the European Central Bank showed that about 43 per cent of respondents considered privacy to be the most important feature of a digital Euro.Footnote 87 The Bank of England put the problem aptly when it noted that, “[a] failure to meet users’ reasonable expectations of privacy would be detrimental for confidence and trust in money and payments”.Footnote 88 However, given that complete anonymity is a unique attribute of cash and unlikely to be fully replicated by another payment system and, for regulatory purposes, is neither possible nor desirable,Footnote 89 the principal privacy concern, also identified by the CBN, is how to strike an appropriate balance between safeguarding consumers’ privacy rights and complying with transparency obligations for the purposes of AML and know-your-customer (KYC).Footnote 90
A brief examination of the design of the eNaira highlights some of the privacy concerns. The CBN mints and issues the eNaira and hosts the eNaira wallets of different stakeholders on its eNaira platform.Footnote 91 The eNaira wallet is a five-layered wallet system consisting of the stock, treasury, sub-treasury, merchant speed and (individual) speed wallets.Footnote 92 The “stock wallet” belongs solely to the CBN for warehousing all minted eNaira. Financial institutions maintain an “eNaira treasury wallet” to warehouse eNaira received from the CBN stock wallet, and in turn create “sub-treasury/ sub-wallets” for branches tied to them and fund the sub-wallets from their single eNaira treasury wallet with the CBN.Footnote 93 eNaira “merchant speed wallets” are used solely for receiving and making eNaira payments for goods and services, and the “speed wallet” is available to end users to transact on the eNaira platform.Footnote 94 Potential eNaira users are required to enrol on the CBN eNaira platform using their BVN and national identification number. The eNaira runs on permissioned DLT infrastructure to counter the threats it may pose to AML and CFT regulations. This is described as the “hyperledger fabric variant” of the DLT, an open-source enterprise-grade permissioned DLT platform, designed for use in enterprise contexts.Footnote 95 Under this arrangement, financial institutions onboard their customers (whether merchants or individuals) to the eNaira platform. In effect, the CBN controls the stock wallet and issues relevant e-wallets to respective stakeholders. Financial institutions are required to integrate the eNaira speed wallet feature into their electronic banking channels, develop internal frameworks to ensure compliance with KYC and AML / CFT requirements and integrate their backend systems into the digital currency management system for the efficient transfer of eNaira between bank accounts and eNaira wallets.Footnote 96
This design roughly corresponds to recommended best practices. The ecosystem is based on a broad public-private collaboration, or a “tiered” system designating roles to the public sector and private entities based on which is best suited to them. A public entity with public policy goals, like the CBN, is responsible for the core of the system so that it can steer the system to deliver policy goals and a safe and efficient payment system. Multiple private entities with shareholders and market-driven goals (such as commercial banks and other financial institutions) act as intermediaries, competing and offering choices within the ecosystem to drive innovation and efficiency.Footnote 97 Nevertheless, the design creates privacy concerns and heightens the risks of surveillance, cybersecurity and misuse of personal data. For example, (individual) consumers self-enrol (or onboard) to the eNaira platform using their BVN. The relevant information for a successful BVN validation check is the individual's first and last names, date of birth, state of origin, email address and phone number.Footnote 98 Also, for AML / CFT compliance, users of the eNaira are subjected to a tiered (0–3) KYC structure with transaction and balance limits. Tiers 1 to 3 (with eNaira daily transaction limits of NGN 50,000 to 1 million, and a wallet balance of NGN 300,000 to 5 million) are subjected to the same extensive documentation requirements stipulated in the CBN circular on tiered KYC.Footnote 99 Remarkably, documentation requirements for tier 0, with a daily transaction limit of NGN 20,000 and a (maximum) wallet balance of NGN 120,000 are also quite elaborate. They include a passport photograph and personal information (name, place and date of birth, gender, address and telephone no with national identity number, even if not linked to the telephone).Footnote 100 The fears of surveillance in these circumstances are justified. As the entity that controls the network, the CBN can choose whether to track citizens’ transactions, and spending patterns, thus increasing social monitoring. It can use the data collected to manipulate citizens (such as by giving the eNaira an expiry date to coerce people into spending in a flagging economy, so called “programmable money”).Footnote 101 Digital identities, such as BVN, are connected to the eNaira and the CBN can deny citizens access to their accounts (or other social services) as punishment for perceived anti-government activities, as it has done in the past.Footnote 102 This behaviour is even more likely because provisions restricting the CBN's power over the use of bank consumers’ data are quite vague. While restricting the use of the BVN to purposes specified by the CBN for instance, the revised BVN regulatory framework omitted to set out the specific purposes for which the BVN may in fact be used,Footnote 103 invariably leaving a gap in the framework that could be exploited.
CBDCs also abhor risks of misuse of personal data from other stakeholders. Personal data will necessarily be shared with third parties, such as “transaction validators”, involved in processing transactions.Footnote 104 Unlike central banks, which arguably have no commercial interest in personal data, such commercial entities could attempt to monetize end users’ personal data to which they have access.Footnote 105 It is the responsibility of the central banks in these cases to manage the risks created by third party access, through providing and enforcing a robust data governance regime for the CBDC ecosystem. The CBN must therefore identify who will have access and to what information, which entities can read or write on the ledger, and how they will be regulated. This is not merely about setting technical standards, but also data protection laws. The eNaira must protect the privacy of users in the sense that the processing of their personal data is subject to principles of data processing, such as legality, purpose limitation, data minimization, transparency and accountability, and user consent.Footnote 106
By its own privacy policy, the CBN already violates some of these principles. The policy conflates a privacy statement with much broader terms and conditions under a general “Privacy policy and terms of use” heading.Footnote 107 The CBN did not set out the information prescribed by the Nigeria Data Protection Regulation (NDPR), such as: what constitutes the data subject's consent; a description of collectable personal data; the purpose for collecting personal data; available remedies for violation of the privacy; and other rights of the data subject.Footnote 108 Under the heading “Our online privacy practices”, the CBN states that it is committed to transparency about users’ personal information and will ask for users’ consent when required by extant laws and regulations. However, under “Consent”, the policy suggests that, by accessing the website, eNaira users already consent to the processing of their personal data. It provides, “[b]y accessing this Website, accessible from enaira.gov.ng (Website or eNaira website), you expressly agree and consent to be bound by this eNaira Website Privacy Policy & Terms of Use (Terms and Conditions). Additionally, Use of this Website may be monitored, tracked and recorded … You hereby expressly consent to such monitoring, tracking, and recording”.Footnote 109
Conversely, under the NDPR, consent is specifically required to process sensitive personal data including biometric data. The regulation provides that consent to the processing of sensitive data, must be specific, direct and unambiguous, following a distinct communication of a request by any electronic means or in any writing, based on the circumstances of each case.Footnote 110 The only exceptions to such specific and direct consent are health emergencies, national security and crime prevention.Footnote 111 In addition, the regulation prohibits monitoring, tracking and recording unless the data subject consents.Footnote 112 It provides that no person shall be tracked, traced or be subject to automatic or digital decisions without a law of the National Assembly or consent of the subject; where consent is required, it must be direct, explicit and unambiguous.Footnote 113 Therefore, deemed consent derived from accessing the website is inadequate. Furthermore, onboarding of users requires the use of national identification numbers, which is information collected by another agency, the National Identity Management Commission. Under Nigeria's public institution personal data guidelines, public institutions that seek to access or use personal data collected by another statutory body shall, inter alia, publish a notice stating their intention to use the data, the basis for use, and the legal or public interest to be served by that use.Footnote 114 Publication is required to be made in four national newspapers, the institution's (in this case the CBN's) website and its social media handles and other appropriate media, at least 30 days before the data is used. It must be assumed that, since users are already onboarded without evidence of these publications, the CBN has not complied with the regulations.
Other problematic provisions of the CBN eNaira privacy policy include those relating to minors. Under the heading “Minor's information” the CBN states:
“We encourage parents and guardians to observe, participate in, and / or monitor and guide their online activity. eNaira Website does not knowingly collect any Personal Identifiable Information from persons under the age of 18. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records”.Footnote 115
By this statement, the CBN tacitly acknowledges that it does not have parental permission requirements in place, contrary to regulatory requirements that consent of the parent or guardian be sought and obtained before processing data, not after.Footnote 116 This approach not only suggests that the CBN has no obligation to verify the age of users of its website, but also that the protection of children's privacy is not a priority consideration, despite international convention guidance this area.Footnote 117
The cybersecurity architecture for the eNaira and the role of the CBN do little to allay fears of data breaches. Considering the type of information it holds, a CBDC ledger or platform can be classified as critical national infrastructure. The most significant risk to such infrastructure is its susceptibility to attacks by hostile nation states or criminal actors. Such attacks could compromise national security, lead to loss of national wealth and individual privacy, and exacerbate the risks of identity theft and fraud. In fact, it took just two days after the launch of the eNaira for criminals to launch a fake social media handle that attempted to trick users into disclosing personal information.Footnote 118 Rather than address the precarious position of the eNaira platform as the singular most vulnerable point of failure within the ecosystem, the eNaira Guidelines emphasize the roles of respective stakeholders to protect their wallets from fraud and other compromise, with the CBN's major role being dispute resolution.Footnote 119 In effect, the CBN cedes critical cybersecurity functions to other entities. While no design can guarantee absolute security, and all entities within the ecosystem must have operational resilience and data security and cybersecurity strategies,Footnote 120 the prescribed best practice is for central banks to be at the forefront of technology to secure the CBDC infrastructure.Footnote 121 As Fannti et al argue, this involves exploring DLT variants or designs that balance conflicting concerns of privacy and security, taking cross-border privacy and security breaches into account at the design stage and participating in global cybersecurity initiatives.Footnote 122
Financial inclusion: A test case for policy objectives
That financial inclusion is a core policy objective for introducing the eNaira is hardly surprising. Nigeria has one of the highest numbers of financially excluded adults in the world.Footnote 123 Ideally, two categories of people must be considered when discussing financial inclusion in the context of the eNaira. The first consists of those who cannot obtain a bank account and for whom cash will always be needed, such as foreigners and minors. For this group, the declining use of cash or its complete disappearance will put them at risk of having no means of making or receiving payments. As there is no suggestion that the use of cash in Nigeria is declining or, indeed, that the eNaira will phase out the use of cash, this group is safe, at least in principle. The second category consists of the more important group: those who do not have a bank account under the current system.Footnote 124 This group is financially excluded for various reasons, including lacking the required documentation for opening a bank account, remoteness of their location (for example, rural areas with no banking infrastructure), poverty, cost of services, financial illiteracy or other social disadvantages. For a CBDC to work for this group, it must, like cash, be usable by everyone and not be tied to bank account ownership.
The design of the eNaira does not exactly follow this logic. The eNaira still requires a legacy bank account, and the CBN expects customers to choose their preferred banking partner during the onboarding process and to be linked to that bank using their BVN and national identification number. As noted above, the eNaira is dependent on technical aids such as telephones, data, electricity and point of sale terminals.Footnote 125 In the case of poor people and those with other social disadvantages, the additional costs of devices and data could make the eNaira inaccessible and may disincentivize its use. Indeed, while mobile applications are the most probable implementation of CBDC, most of the Nigerian population do not have affordable access to the internet.Footnote 126 In terms of inclusion, the cost of technology and access means that entry barriers may be higher, not lower, for the financially excluded. The CBN itself noted that there is a real risk that the eNaira will be rejected not only by the estimated 37.1 million adult illiterate population, but also by others who do not have bank accounts for various reasons. Since maximizing the value and use of the eNaira depends largely on devices with internet capabilities, the eNaira risks further alienating sections of the population who are uneducated and lack access to internet or digital devices.Footnote 127 Invariably, the CBN admitted that the eNaira will not have nationwide geographical coverage and could only be relied on for payments made online, an admission that not only undermines the financial inclusion drive but also the legal tender status of the eNaira.Footnote 128
While the CBN noted further that it has mitigated the risks (of rejection and exclusion) by factoring inclusiveness into the core design principle of the eNaira, through “ensuring that Nigerians without internet enabled phones can access the service”,Footnote 129 there is no evidence to back up this claim. Based on research by some central banks, it is also not clear that offline infrastructure is technically or operationally feasible and it is challenging to ensure that such offline functionality is hack or fraud proof.Footnote 130 Offline CBDCs have associated credit risks; payments may not be fully final until at least one of the parties reconnects to a network. Thus, they expose counterparties to the risk that payment is not ultimately settled and increase the risk of double spending.Footnote 131 A weak or non-existent mobile data connection may also limit the usability and usefulness of CBDCs and compel central banks to find a simple way for payments to be made, without immediate (online) reference to the core ledger. Further classification of the systems into intermittent and extended offline systems offers limited practical help.Footnote 132 Intermittent CBDC allows users to transact only when the internet is temporarily unavailable and value or funds may not be stored locally on the device. Extended offline CBDC is a distinct ecosystem supported by dedicated devices with local stores of fund. They are used where or when the internet is persistently unavailable.Footnote 133 However, both systems depend on end-user devices (such as mobile phones), which are susceptible to theft, loss and compromise, such as hacking, that can undermine the integrity of the entire CBDC ecosystem. Extended offline CBDCs, which will presumably be used in Nigeria because of the deficit in internet infrastructure and the cost of access, can increase the risk of double spending, since fraudulent transactions can remain undetected until reconciliation or synchronization takes place online. Therefore, while central banks continue to work on solutions that allow offline device-to-device CBDC payments to reduce or eliminate credit and associated risks, and design options are increasing, the offline eNaira, like other CBDCs, is largely experimental or even hypothetical. The dilemma for the CBN is that it cannot offer guarantees that it would be able to implement an offline eNaira, while the eNaira is only a viable replacement for cash in Nigeria if it also works offline.
In this sense, the eNaira lacks the additional core features and foundational principles for a CBDC. The Bank of International Settlements identified these as convertibility and convenience, acceptability and availability, and low cost.Footnote 134 Convenience in CBDC terms means it is as easy to use as cash. Acceptable and available CBDCs are usable in the same types of transaction as cash, including for offline transactions (even if for limited periods and thresholds). CBDCs are low cost when they are available at very low or no cost to end-users who should face minimal requirements for technology investment.Footnote 135 As a critical feature, CBDCs have a high degree of accessibility when people can use them regardless of their geographic location, age, socioeconomic status, digital skills or disability. To match the key distinctive features of cash, CBDCs should permit offline payments, be easy for vulnerable groups to use, be free of charge for basic use and protect privacy.Footnote 136 The Riksbank makes a proposal for a register-based CBDC combined with a value-based solution for its eKrona. The effect is to make offline payments of small amounts possible and increase availability for groups that do not want or cannot have e-krona accounts.Footnote 137 A report by a group of central banks appears to provide one of the most useful guides for designing CBDCs for different types of users. A table of user stories categorizes users into well connected consumers, users with limited internet, unbanked persons, users with accessibility needs, users who prioritize privacy and small merchants at the point of sale. For unbanked persons, the ability to make digital payments without having a bank account is a primary need and motivation for use. The CBDC design concept to gain adoption by this category of user also includes low cost, dedicated universal access design and supporting institutions other than banks.Footnote 138 Ultimately, and based on previous implementation and the wider literature on payment innovations, the eNaira is likely to be successful with the unbanked if it fulfils their unmet needs, does not require users to buy new devices and can achieve network effects. Network effects here cover the effective implementation of mandatory acceptance of the eNaira as legal tender discussed above and motivating the voluntary uptake by consumers and merchants to counter the risk of rejection. In this regard, an emphasis on peer-to peer functionality can be particularly useful for financially excluded people who are unable or unwilling to have a bank account.Footnote 139
Conclusion
It may be premature to assert that the eNaira has failed, but it faces the serious risk that it will not generate sufficient demand to be successful. The analysis in this article shows that the CBN did not strike the correct balance on the important aspects of the eNaira. Indeed, the eNaira could aggravate privacy concerns in payment systems and may not be the optimal instrument to achieve the critical objective of financial inclusion. While its design appears to take cognisance of AML / CFT regulations, the eNaira did not deliver on privacy and financial inclusion, and questions remain about its legitimacy and qualification as legal tender. As the article further shows, the mere fact that the CBN developed and launched the eNaira faster than other central banks did not eliminate the risks and challenges. Instead, it underlines why most central banks are proceeding with caution; the fear is that CBDCs may not fulfil their hyped potentials and the cost may yet outweigh the benefits. Admittedly, CBDC designs are likely to require trade-offs, meaning that not all their motivations or objectives can be realized immediately or simultaneously. Nevertheless, the CBN could avoid the resulting misalignment between design and policy outcomes if it was better prepared in terms of research, clarity of mandate, and realistic and achievable policy objectives.
The CBN can take some remedial action. It can resolve legitimacy concerns by approaching the National Assembly for an amendment to its enabling law, the CBN Act. In this regard, it must aim to adopt technology-neutral language that allows non-physical currency to be designated as legal tender. Also, while surveillance is not an intrinsic feature of CBDCs, but of fragile democracies, a strong data protection regime could allow trust in the eNaira to evolve organically. The CBN must therefore develop a robust governance framework involving an eNaira privacy impact assessment. In the short term, and to preserve the same level of privacy with cash, a token-based eNaira can be introduced. Transactions here would be anonymous up to the limit set by AML / CFT regulations. Token-based systems are probably more suitable for financial inclusion; they can be stored on a medium such as the user's card, app or smartphone, they are suitable for smaller payments and transfers, and can take place via card readers that could enable offline payments. Alternative technologies such as voice controlled CBDC wallets and natural language processing can be explored to broaden financial inclusion among illiterate users and to make the eNaira more relevant to the Nigerian context. To drive acceptance further and expand the user base, the CBN should leverage ongoing research on CBDCs, conduct a user impact assessment and launch surveys to understand the factors responsible for low acceptance of the eNaira. At the same time, it is important to recognize that the eNaira may not be the optimum way to achieve financial inclusion for certain segments of the population. The poor and illiterate, rural dwellers and people with limited access to the internet or with poor networks will always need a basic bank account or access to mobile money services. Re-designing the eNaira and relevant regulatory frameworks must therefore take place in the context of the core public good functions of the central bank, which include engendering trust in the national currency and maintaining payment systems stability, not simply creating a digital version of fiat money.
Competing interests
None