The impact of fintech on central bank governance

Marianne Bechara is a Senior Fintech Counsel, Wouter Bossu is a Senior Counsel, Yan Liu is Deputy Senior Counsel, and Arthur Rossi is a Research Officer, all at the International Monetary Fund


Fintech presents unique opportunities for central banks. The rapid changes in technology that are transforming the financial system will allow central banks to enhance the execution of various of their core functions, such as currency issuance and payment systems1.

But some aspects of fintech pose major challenges. Central banks have always been at the cutting edge of financial technology and innovation. In the past, the invention of the banknote, the processing of payments through debits and credits in book-entry accounts, and the successive transitions of interbank payment systems from the telegraph to internet protocols were all transformative innovations.

Today, however, central banks are facing new and unprecedented challenges: distributed ledger technology, new data analytics (artificial intelligence [AI] and machine learning), and cloud computing, along with a wider spread of mobile access and increased internet speed and bandwidth.

As with previous health crises (for example, the 2003 SARS epidemic), the ongoing coronavirus disease (COVID-19) pandemic plays an accelerating role. Furthermore, building on their agile embrace of technological changes, the private sector reinvigorated its efforts to develop financial services and asset classes that can compete in the traditional domain of central banks.

This could have a major impact on central banks. For instance, major components of the national and international payment infrastructure could be dominated by private firms and networks. This, in turn, could impair their capability to deliver on monetary policy mandates and undermine their issuance monopoly for currency.

Those challenges increasingly pose questions for the governance of central banks. What is the impact of fintech on central bank mandates? Is the structure of their decision-making bodies conducive to a sound response? Will fintech affect their autonomy? How should central banks be transparent about, and accountable for, their response?

The purpose of this note is to discuss the authors’ preliminary views on how, from a legal perspective, central banks can best deal with the impact of fintech on their governance. These preliminary views are based on a review of central banks’ reaction thus far to the challenges posed by fintech to the legal foundations of their governance2.

At any rate, there is no ‘one size fits all’ approach to the issues discussed in the note. The central bank response to fintech is going to be influenced by a broad set of factors that would likely lead to different models. Moreover, fintech covers a diverse and complex set of technological advances. Some aspects of fintech may not require central bank actions and are beyond the coverage of this note.

After a brief conceptual introduction to central bank governance, the note will assess how each component of that concept is likely to be impacted by fintech, review how central banks have reacted, and discuss how they may need to (further) adjust the legal foundations of their governance to respond to the challenges posed by this impact.

Central bank governance

Central bank governance is a complex, multi-faceted concept. In general, governance can be defined as the ensemble of structures and arrangements by means of which an organization makes decisions in the pursuit of its mandate3.

Figure 1. Central bank governance—the concept

Source: IMF staff.

Central bank governance, in turn, is a concept composed of four constitutive and interrelated components: a central bank’s (i) mandate, comprising its objectives (the why), functions (the what), and powers (the how); (ii) decision-making structures; (iii) autonomy; and (iv) transparency and accountability.

The underlying idea is that the mandate shapes the three other components, which, in turn, interact with each other. These concepts can visually be represented as in Figure 1. From a formal perspective, the main features of that governance are typically established in the organic central bank law/act (often interpreted considering corporate laws or principles of general application).

The mandate (objectives, functions, and powers)


Any actions taken by central banks in response to fintech must be in pursuit of their legal objectives as established in their central bank law. This raises two legal questions.

First, are those actions appropriately anchored in their current traditional objectives, such as price and financial stability? For some central bank initiatives, such as the modernization of interbank payment systems, such anchoring appears to be noncontroversial.

However, other possible endeavours raise questions and require careful legal consideration. For instance, it might be challenging to justify the issuance of central bank digital currency (CBDC) in the context of the pursuit of price and financial stability objectives, since for some countries, this link is far from obvious4.

In assessing the legal basis of their fintech response, some central banks will also need to consider the constitutional perspective (including its specific interpretation rules), as their constitution may include core monetary and central bank law principles5.

Second, to support an innovative fintech agenda, will central bank laws be expanded with new, less traditional objectives? These could include promoting financial inclusion or financial innovation or fostering competition in and open access to payment systems.

  • Some central banks have had such an objective for a while. For instance, the Monetary Authority of Singapore has the objective “to grow Singapore as an internationally competitive financial centre.” Similarly, the Reserve Bank of Australia is required to pursue, in its payment systems policy, the objectives of “promoting the efficiency of the payments system and (…) competition in the market for payment services.”
  • More recently, the organic law of the Monetary Authority of the Cayman Islands was modified to require the central bank “in performing its regulatory functions and its co-operative functions” to “recognize the desirability of facilitating innovation in financial services business.” Similarly, the recent Brazil Central Bank Autonomy Law includes the objective of promoting the efficiency of the financial system.

It remains to be seen whether other countries will follow these examples. At any rate, central banks need to manage trade-offs between their different objectives. The more objectives a central bank has, the more complex those trade-offs become, especially in the absence of a clear hierarchy between such objectives.

Functions and powers

In light of the transformations caused by fintech, three legal questions arise regarding the statutory functions and powers of central banks: (i) what are central banks expected or required to undertake to perform their current functions? (ii) will fintech impose changes to the legal formulation of current functions and powers? and (iii) is fintech likely to lead to the development of novel central bank functions and powers?

Currency issuance

Fintech is likely to have a major impact on the legal foundations of the currency issuance function. Today, the use of currency can, in some countries, come under pressure because of digital payment solutions, large technology companies exploring the possibility of issuing their own digital money to their massive consumer base6, and the issuance of CBDC by foreign central banks potentially causing “currency substitution.”7

To ensure continued public access to some form of central bank money, many central banks are considering the issuance of CBDC. This will require a sound legal basis in the central bank law, which will depend on the design features chosen for the CBDC.

Specifically, for token-based CBDC, it may be necessary to reform the currency issuance function and powers, which today often are limited to banknotes and coins only. Issuing account-based CBDC, in turn, will often require enhancing the power to offer central bank cash current accounts to the general public8.

Fintech could have a major impact on the legal foundations of the governance of central banks, although fundamental changes to those foundations are not likely to be required

Monetary policy

Fintech will likely impact the implementation rather than the legal wording of the monetary policy function, in particular by exposing excessive constraints in the related legal powers. This function is typically broadly worded in the central bank law: “The central bank shall formulate and implement monetary policy.”

In contrast, the legal powers authorizing financial transactions with eligible counterparties are often restricted. For instance, open market and credit operations are only authorized with banks. This may pose two challenges.

  • First, if, due to fintech, traditional monetary policy counterparties were to become less relevant in the new financial system and economy, this could limit the effectiveness of the central banks’ monetary policy tools9. As one way to palliate this, central banks could consider enlarging the category of monetary policy counterparties. This may, in due course, require reform of the central bank law, for instance by granting more ‘guided flexibility’ to the central bank’s decision-making bodies to determine the categories of eligible counterparties10.
  • Secondly, some fintech firms may seek a specific regulatory status (for example, as ‘bank’) that offers access to monetary policy operations as a means to access an additional liquidity backstop, even though those firms do not engage in maturity transformation. This could eventually also push central banks to review their access policies and rules.

Beyond the issue of enlarging monetary pol- icy counterparties, central banks may also require new and explicit powers to charge interest on token-based CBDC11.

Box 1. The Sand Dollar and the Central Bank of Bahamas Act, 2020

The Central Bank of Bahamas is the first central bank to issue a widely used digital currency: the Sand Dollar. This issuance is underpinned by various provisions of the central bank’s newly enacted organic legal framework: the Central Bank of Bahamas Act, 2020.

While the act conflates the objectives and functions of the central bank, the currency issuance function is broadly worded (Section 5(1)(h)) and the definition of ‘currency’ explicitly includes not only banknotes and coins, but also the ‘electronic money’ issued by the central bank (Section 8(1)).

In turn, the act specifically grants the central bank the power to issue currency in the form of ‘electronic money’ (Section 12(7)). To support this, the act also grants the central bank regulatory powers to prescribe “the framework under which electronic money issued by the Central Bank (…) may be held or used by the public” (Section 15).

The choice to authorize the issuance of CBDC in the form of ‘electronic money’ is interesting. The Payment Systems Act, 2012, defined this form of money earlier as “monetary value represented by a claim on the issuer which (a) is stored electronically, (b) issued on receipt of funds for the purpose of making payment transactions but does not amount to a deposit under the regulatory laws; and (c) accepted as a means of payment by persons other than the issuer” (Section 29).

The 2012 act contemplates the issuance of ‘electronic money’ only by banks and trust companies licensed by the central bank, but the 2020 Act has extended this to the central bank itself.

Payment system soundness

Fintech could have a major impact on the legal foundations of the payment system function. To achieve their price and financial stability objectives, most central banks are tasked with promoting the safety and efficiency of payment systems.

To that end, central banks can act as operator, catalyst, regulator, and overseer of payment (and sometimes other) systems. This responsibility is as critical as ever with the payment system being transformed through new digital means of payment, service providers, and payment rails.

It is therefore imperative to review the legal foundation of the central bank’s oversight responsibilities in detail. Fintech does not challenge the establishment of safety and efficiency as the core purposes of payment system oversight.

In fact, safety and efficiency are gaining more traction and importance given the new risks stemming from new payment technologies, such as distributed ledger technology.

However, fintech tests the limits of the scope of the legal provisions governing the oversight function and powers (including regulation), which should extend to new payment systems, instruments, and firms. Box 2 explains in more detail the interaction between the legal foundation of this responsibility and fintech.

The same is true for the role of central banks as payment system operators. When they leverage fintech to modernize their own payment systems (for example, by setting up digital IDs or by expanding access to settlement accounts in central bank money to nonbank participants), central banks need to ensure that their laws allow them to do so12.

Additionally, when central banks are considering issuing CBDC for the purpose of establishing a more resilient and diverse payment system, they must ascertain that such issuance falls within their legal mandate.

The establishment by central banks of ‘innovation facilitators’ in support of fintech innovations raises several important legal governance issues (see Annex 1 for an overview of all innovation facilitators).

First, the type of facilitator (see Box 3) will depend on whether the central bank is legally entrusted with a payment system oversight (and/or a micro-prudential) function. Innovation hubs are suited for central banks without such functions, whereas regulatory sandboxes can only be developed by central banks with such function(s).

Secondly, central banks should carefully consider their deployment of fintech ‘accelerators’, as this can pose risks to financial autonomy, conflicts of interests, and regulatory capture. Legal analysis is required as to whether central banks have the legal power to set them up and to participate in, and fund, the ensuing fintech projects.

Given that a sizable number of central bank laws specifically prohibit the acquisition of equity stakes in commercial entities, most central banks that have launched accelerators prefer offering grants to fintech firms instead of equity participations13.

Box 2. The legal formulation of the central bank’s payment system oversight mandate

Over the last decades, many central banks have received strengthened payment system oversight mandates (including to implement Responsibilities A and B of the Committee on Payments and Market Infrastructures of the Bank for International Settlements/International Organization of Securities Commissions Principles for Financial Market Infrastructures). Several central banks (for example, Mexico and Sweden) have received explicit objectives with regard to the payment system. Almost all central banks now have an explicit payment system function. An increasing number of central banks are also given express powers (for example, registration or licensing, inspection, regulation, and sanctioning) to execute the oversight function, thus transitioning it from a ‘soft law’ (‘moral suasion’) to a ‘hard law’ approach.

Legally, the payment system oversight function and powers can thus take four forms:

1. a broad function implemented through ‘soft law’ powers;

2. a broad function implemented through ‘hard law’ powers;

3. a narrow function implemented through ‘soft law’ powers; and

4. a narrow function implemented through ‘hard law’ powers.

A broad oversight function is not limited to specific systems or firms, but instead refers to ‘the payment system’ as a whole. This allows the central bank to flexibly include all kinds of infrastructures and firms under its oversight purview, which would provide a legal basis to bring new fintech firms under the scope of oversight. In contrast, a narrow payment system function is limited to ‘payment systems’ only—that is, cash settlement infrastructures. Central banks with a narrowly worded function could find it challenging to extend their oversight to new fintech firms and products.

‘Soft law’ central bank powers are by definition broad and can be more flexibly applied to newcomers, but the moral suasion of the central bank may not be as strong vis-à-vis disruptive fintech firms as it is vis-à-vis traditional interbank infrastructures. Broad ‘hard law’ powers would cover the former, whereas narrow ‘hard law’ powers may not.

Thus, it can be argued that payment system oversight mandates established as a broad function combined with broad hard law powers are useful to avoid under-regulation of, and regulatory arbitrage by, fintech firms active in the payments space.

Without a sound legal foundation for this function, the central bank is at risk that the courts may overturn their oversight framework. This is particularly relevant for infrastructures that go beyond traditional interbank payment systems. This challenge is illustrated by the European Court of Justice (ECJ) decision to annul aspects of the European Central Bank’s (ECB) oversight framework for central counterparty clearing for securities transactions (ECJ, UK et al v. ECB et al C-T-496/11).

Lender of last resort

For those central banks with an explicit Lender-of-Last-Resort (LOLR) function and/or powers, the question arises whether its legal formulation will need to be adjusted to fintech. As a starting point, a considerable group of central banks do not have an explicit legal LOLR function and/or powers.

Relying on general legal provisions has the advantage of flexibility. However, for those central banks with such explicit legal function and/or powers, it will be necessary to analyse their legal formulation against the backdrop of the policy needs arising out of fintech.

Typically, that legal formulation restricts LOLR lending to banks and other deposit-taking institutions. As discussed in the context of monetary policy, some fintech firms could acquire a regulatory status that fits within one of those statutory categories to gain access to central bank funding, but that might not be possible for other fintech firms. If there were to be a policy preference to make the latter firms eligible for LOLR lending—and this is a big ‘if’14—reform of the central bank law would be required.

Box 3. Innovation facilitators in central banks

Given the increased pace of financial innovation and the competition to attract talent and capital raging among major financial centres, there is a pressing urgency for regulators to better understand fintech innovations and the ensuing risks, while allowing for testing in a controlled risk environment. A further complication is that the financial services industry is heavily regulated.

This led central banks and other regulators to develop three types of ‘facilitators’ to advance innovation in their jurisdictions. Innovation hubs provide a dedicated point of contact for fintech firms to address competent authorities and provide nonbinding guidance and interpretation of the regulatory framework1.

Regulatory sandboxes offer a controlled testing environment for new financial services, products, or business models. Of the 73 sandboxes included in a recent World Bank Group Survey2, 39 were either hosted exclusively by a central bank or co-hosted by a central bank in coordination with other regulatory agencies. This said, sandboxes are expensive and complex to set up, and therefore not all sandboxes that were either announced or legislated are currently ‘live’. Finally, Accelerators are arrangements that allow fintech providers to develop use cases that may be granted fund support and/or endorsement from the authorities.

Box Figure 3.1. Overview of central bank-hosted sandboxes and innovation hubs among IMF membership

Sources: IMF, European Supervisory Agencies, World Bank Group, Consultative Group to Assist the Poor (CGAP), and Columbia University.

1. See the chart titled, “Guidance is the main benefit that innovation facilitators offer to participating firms,” in CGAP World Bank Group Regulatory Sandbox Global Survey (2019).

2. See World Bank Group,” Key Data from Regulatory Sandboxes across the Globe,” November 2020.


Fintech could help central banks carry out their statistical function more efficiently. Facing an explosion of financial and other data produced in real time, central banks are increasingly using Big Data (that is, the massive volume of data that is generated by the use of digital tools and information systems) and AI to exploit new data sources (for example, social networks, ecommerce, and the internet of things) and new collection and analysis techniques (for example, machine learning and text mining).

This use does not raise fundamental issues under the legal wording of the statistical function and powers of central banks, but some other legal issues require attention. For instance, central banks may have to abide by complex data protection legal frameworks if they were to process (for example, collect and store) qualifying ‘personal data’.

This was admittedly not the case under traditional statistical collection and could increase legal and reputational risks, which need to be mitigated by adjusting decision-making structures as well as internal rules and procedures to ensure the proper use of data (see below).

Crossborder collaboration

Central banks are increasingly entering into arrangements with their peers to collaborate in responding to fintech (for example, on wholesale CBDC). Important motivations for this could be to enhance effectiveness and achieve economies of scale and thus reduce costs. Inter-central bank collaboration can take many forms, ranging from participation in working groups to bilateral arrangements and multi-party structures.

From a legal perspective, two issues arise. First, many central banks will require a firm legal basis in their central bank law to enter into the more structural forms of crossborder inter-central bank collaboration arrangements.

Second, this type of arrangement will need to be documented in the form of the most appropriate legal instrument. In that regard, whereas inter-central bank arrangements traditionally took the form of nonbinding memoranda of understanding, the question arises whether legally binding contracts would be a more appropriate legal instrument for some of those activities. This would specifically be the case if a (larger) central bank were to provide fintech-related services against fees to other (smaller) central banks.

Novel functions and powers

Legislatures have started to charge central banks with new fintech-related functions. In some cases, this link is indirect, in others more direct. The following examples illustrate this.

  • The Bank Negara Malaysia has a primary function “to promote a sound, progressive and inclusive financial system” (Section 5(2)(f)). While the soundness is a traditional purpose of central banks, the progressivity and inclusivity are not, and both combined constitute an interesting, indirect but broad legal basis for fintech initiatives.
  • In contrast, the recent organic law of the Central Bank of the UAE is more explicit and narrow: it charges the central bank with the function to “regulate, develop, oversee and maintain soundness of the Financial Infrastructure Systems in the State, including electronic payment systems, digital currency, and Stored Value Facilities” (Art. 4(g)).
  • The organic law of the National Bank of Ukraine includes a somewhat older yet similarly explicit and narrow function to “shape the development of modern electronic banking technologies (…); con- trolling the creation of (…) banking automation systems” (Art. 7.7).

Some central banks have been granted new legal powers with respect to non-traditional areas, such as data management or digital ID, with a view to establish a safe and secure public digital infrastructure aimed at improving the provision of fintech services15.

It is expected that other jurisdictions will follow. This could include developing a digital ID or signature systems to be used by the financial sector and maintaining digital records related to the latter.

Decision-making structures

Fintech has an impact on three components of central bank decision-making structures: policy formulation, executive management, and oversight.

Policy formulation bodies

The decision-making bodies charged with the formulation of monetary and financial policy need to have a sufficient understanding of fintech and its potential impact on the monetary and financial system.

This responsibility can legally be attributed to Boards of Directors, Executive Boards, or dedicated specialized bodies, such as Monetary Policy Committees (MPCs) or Payment System Boards.

In all cases, such bodies need access to the necessary fintech expertise, but the degree of need and form of access will depend on the nature and tasks of each body. For instance, MPCs are typically composed of top executives, staff versed in macro-economics, and non-staff experts of monetary policy (typically academics and former financiers).

MPCs will need specific fintech expertise to under- stand the impact of that phenomenon on the monetary system and the effectiveness of monetary policy, including its transmission mechanisms. That may be more challenging than for Payment System Boards, which are likely to have members that are more closely connected to innovative technologies.

Can the central bank law require that the policy formulation bodies include members with sufficient understanding of fintech and its impact on the monetary and financial system? If that is not an option, one solution could be to rely on external fintech experts participating in meetings. For some countries, this may require changes to the central bank’s primary or secondary legal framework.

Another solution would be to establish a body specifically dedicated to fintech16. Central banks can typically create purely advisory or coordinating bodies without a specific legal basis17.

If, however, the intention is to create a decision-making body with real powers, the central bank law should provide an explicit legal basis for it and address a number of related legal issues, such as its remit, membership, and a clear hierarchy between its decisions and those of other bodies. This will avoid creating potential conflicts within the central bank’s decision-making structure.

Executive management

In the decision-making set-up of a central bank, it is primarily executive management’s prerogative and duty to take measures that allow the central bank to respond appropriately to the challenges it is facing.

To exercise such duty, executive management must keep abreast in a systematic manner of the rapidly changing developments to allow it to make organizational change to achieve a higher degree of responsiveness and agility in reaction to those developments.

This primary responsibility does not preclude executive management from engaging with the Oversight Board to seek its guidance and counsel on how to react (see Figure 2).

To ensure that their executive management keeps abreast of fintech developments and can adjust the organizational structure accordingly, central banks have taken two types of innovative steps: dedicated high-level fintech officer positions and iLabs or other dedicated units.

Chief fintech officers and other dedicated high-level officials

Several central banks have created dedicated, high-level officer positions within, or in support of, executive management. These positions have taken the form of a ‘chief fintech officer’ (Hong Kong Monetary Authority, Monetary Authority of Singapore), a dedicated executive technology position with a broad set of responsibilities including fintech (Magyar Nemzeti Bank’s chief digital officer and the Bank of Finland’s head of digitalization)18, and an allocation of explicit technology responsibilities to existing top executives (for example, a deputy-governor in the Bank of Jamaica).

Figure 2. Executive Management (EM), fintech, and organizational change

Source: IMF Staff.

Such officers should have a clear position in the broader set-up of the internal governance structure. This will include clear lines of hierarchy and account- ability (including with respect to iLabs: see below).

A key element has to do with potential conflicts of interest and ‘revolving door’ provisions. These officers often have the responsibility to promote the development of the fintech ecosystem in their own jurisdiction.

This may involve the disbursement of grants from central banks to fintech firms of their choosing, while being responsible for the design of the regulation over such fintech firms, including by overseeing sandboxes. These positions thus create governance risks that should be mitigated by ensuring that the relevant rules of the internal Code of Conduct or Code of Ethics applying to these executives are adequate.

A second legal consideration is whether, if the chief fintech officer-type of role is given to a very high-level executive, such as a deputy governor. This would have an impact on the total number of such executives.

In most central bank laws, the number of deputy governors is fixed, but in several other central bank laws, appointing authorities can appoint as many such executives as they deem fit. For the latter central banks, the appointing authority could decide to appoint a specific fintech-related deputy governor, given the workload of the other executives and the need to establish separation of functions.

This would cause the number of top executives at a central bank to grow and could have far-reaching governance implications, including by impacting the delicate balance between executives and non-executive members of Oversight Boards19.

When such a position is created, the central bank’s legal department should be consulted to ensure that key governance safeguards are not undermined.

iLabs and other dedicated units

Many central banks are adapting their internal structures to respond to fintech by establishing iLabs and other dedicated units. Traditionally, central banks have mainly relied on two types of internal departments to deal with technological innovation: the payment system department, which typically manages the payments infrastructure, and the information technology (IT) department, which typically is responsible for cybersecurity, procuring financial software, and developing new fintech products20.

The acceleration of fintech has been the vector of three recent internal governance trends for central banks. First, given the increased number of fintech initiatives (including the acceleration of the work on CBDCs, for instance), certain central banks have created dedicated fintech units.

Second, other departments (for example, the statistics department) are increasingly involved in fintech work, leveraging new technologies, such as machine learning or AI solutions.

Finally, innovation laboratories, typically called iLabs, have been established mainly to promote innovation across departments (see Annex 2 for an overview of all central bank iLabs and their remits; Figure 3.)

While these structural changes aim to support executive management, the Oversight Board should have a proper role in their set-up. Given its legal responsibility for orienting the central bank’s strategy, approving its structure, and overseeing its finances, the Board needs to ensure that the structural changes allow for an effective oversight of fintech outputs.

Moreover, a salient feature of fintech units is the level of involvement with private sector entities that are not necessarily typical central bank counterparts.

Since not all fintech companies are banks or regulated financial institutions, central banks should undertake appropriate due diligence, which could include some type of ‘fit and proper’ requirements for the fintech entrepreneurs they decide to engage with21.

Evidently, this would be important not only in the context of sandboxes, but also in case central banks were to decide to materially aid such firms through an ‘accelerator’ program (see Box 3).

Figure 3. Dedicated fintech officers and iLabs in central banks

Source: IMF staff.


Fintech will exacerbate the increasingly challenging internal oversight task of Oversight Boards. These Boards will need to be actively engaged in enhancing their capabilities in terms of (a) cyber resilience; (b) operational risk; (c) data management and AI issues; and, (d) under certain CBDC issuance structures, anti–money laundering/combating the financing of terrorism (AML/CFT) compliance.

This will require Oversight Boards (a) to ensure that they have sufficient know-how and (b) to discuss supportive structures to dedicate sufficient time and attention to these matters.

Ironically, the size of Oversight Boards has decreased over the past 50 years, even though central banks are facing ever increasing complexities and more decision-making responsibilities, including due to digitalization22.

This raises three legal issues. First, what are the legal rules that can help ensure that the Board can rely on sufficiently knowledgeable human capital to acquit itself of its duties? As a general principle of governance, the members of the Oversight Board should individually and collectively be ‘fit’ to perform their duties.

What this entails concretely will depend on the responsibilities allocated to the Oversight Board. At any rate, whether central bank laws can and should legislate a diversity of skills within the Oversight Board is a difficult question.

While it is legally possible to legislate a diverse skillset in the Board23, there are not many examples of central bank laws that endeavour to achieve this outcome. An intermediate solution would be to require the appointment of at least one member with certain necessary skills24.

This said, the best way to achieve robust skill sets in Boards is the firm and deeply rooted conviction among the appointing authorities that professional skills should be the most important factor in determining suitability for appointment.

If, however, they fail to do so, it is expected that the pressure will increase to legislate the presence of certain skills on the Board, including fintech.

Second, with a view to support the Board in conducting in-depth oversight of fintech activities in the central bank, does the central bank law generally allow the Oversight Board to adjust the remit and composition of existing committees and/or new specialized sub-committees? Where a Risk and/or Audit Committee is already in place, such a general authorization would allow the Oversight Board to include fintech in its purview.

Alternatively, this would allow the Oversight Board to establish a separate specialized commit- tee, such as a ‘Fintech Committee’, if that would be the preferred option.

Finally, the extension of the Board’s oversight mandate to include AI and data management will necessitate the adoption of a number of internal legal instruments. With the use of new fintech tools and Big Data in the performance of their functions, central banks will increasingly collect and use data, and could become subject to personal data protection laws of their own as well as foreign jurisdictions.

Consequently, the Board in collaboration with executive management should establish the decision-making structure, internal rules, and procedures to ensure that data is used and handled legally, only for appropriate reasons, accessed by a limited number of staff, and stored securely.

This should include (i) internal procedures to mitigate inherent limitations of data (for example, require documentation of the use of data collected by other parties); (ii) internal controls for decision-making processes using AI (for example, procedures to follow when an error is found in an algorithm); and (iii) making qualified staff available to monitor and periodically review algorithms.

Laws could require central banks to appoint a data protection officer (DPO). Charged with supervising data protection compliance, a DPO must be independent and not subject to conflict of interest, especially with the IT and human resources departments and executive management.

Therefore, there is merit to involving the Oversight Board in the DPO’s appointment and oversight, similar to the role that some central bank Boards play with respect to chief internal auditors.


Institutional and personal autonomy

While fintech does not seem to fundamentally alter the legal foundations for institutional and personal autonomy, it can expose weaknesses in this regard.

For instance, if the government were to develop a highly ambitious national digitalization or fintech agenda, this could translate into pressure on the central bank to accommodate that agenda through its payment system oversight policy, especially in the absence of robust legislative protections supporting autonomy.

Similarly, weak incompatibility and ethics rules pose risks for conflicts of interest, and thus reduced personal autonomy, of senior central bank officials.

Functional autonomy

Legally, central banks’ responses to fintech must be carefully designed to ensure appropriate levels of functional autonomy. Fintech does not alter the very high level of functional autonomy that central banks generally enjoy.

This said, some very specific challenges arise in respect to certain functions. In analysing this, one must bear in mind that central banks need not enjoy uniformly high levels of functional (and institutional) autonomy for all their functions.

More specifically, while the monetary policy function should enjoy the highest possible level of autonomy, other functions (for example, fiscal agent and implementation of exchange control frameworks) can operate with much lower levels, in the form of direct involvement of the government, either through instructions or co-decision-making26.

The currency issuance function illustrates this principle well. While central banks require the highest level of autonomy to determine the total amount of central bank money in circulation, there is no need for similar levels of autonomy on some core aspects of currency issuance itself.

Because this function is a delegated sovereign activity with potential political ramifications (for example, the images on a banknote), it is not uncommon for the government to play some role in it. Specifically, ministers of finance are often empowered to authorize the issuance of a new banknote series as well as the main features of the banknote, or at least to be consulted27.

From that perspective, central banks and political authorities will need to consider carefully the division of labour in designing CBDC. Some degree of political involvement in CBDC design is not inherently incompatible with high levels of functional autonomy in respect to monetary policy.

At any rate, functional autonomy will be buttressed by (a) delineating with clarity the competencies of central banks vis-à-vis those of other regulatory agencies and (b) close inter-institutional collaboration28.

First, the respective roles and responsibilities of central banks and other agencies, such as competition and data protection agencies, must be legally well defined.

Second, care must be taken that powers of other regulatory agencies do not hinder central banks excessively in the execution of their mandate.

Third, to pursue a coherent and coordinated public approach, close collaboration between central banks and other regulatory agencies will be imperative29. Such close coordination could be buttressed by legal arrangements, for instance, requiring other agencies to consult with central banks on monetary and payment system matters. This would mitigate leakages and promote efficiency, inclusion, and other policy goals.

Financial autonomy

Fintech may have a mixed impact on the financial solidity of central banks, as illustrated by the following example. On the one hand, the issuance of CBDC may lead to a stabilization, or even growth, of money in circulation, and thus the seigniorage. This could allow the central bank to build up buffers to maintain a financially sound balance sheet in function of its size and risks.

On the other hand, issuing CBDC may be very costly and cause significant side-effects, including increased LOLR financing to banks witnessing a shift from deposits to CBDC, either to smoothen the adjustment in balance sheet structure or in the context of a ‘bank run’30.

From a legal perspective, it is not certain at this stage that the current framework will need to be fundamentally changed. Rather, some existing issues might just come to the fore and need to be addressed.

For instance, the central bank’s profit retention rules will regain prominence if the seigniorage earned by the central bank would significantly increase.

Second, central banks whose budgets are subject to legal limitations will need to carefully consider the impact of fintech-related expenses on their compliance with the said limitations.

Third, central banks should be careful in considering grants to fintech firms in their capacity as ‘accelerator’. Even if this were to be legally allowed under the central bank law, it remains essentially a fiscal task that ideally could be undertaken by a governmental vehicle funded by the budget.

Transparency and accountability

To balance out the high degree of autonomy that they enjoy for most of their functions, good governance calls for central banks to be commensurately accountable and transparent. By explaining their policies and actions to stakeholders (general public, government, and market participants), central banks legitimize and retain trust in their autonomy.


Central banks will have to be transparent about their response to, and use of, fintech and their related processes and decisions. They would be expected to engage in an open dialogue with internal and external stakeholders. In addition, they will need to take specific steps to report on their policies and actions, through either general or specific instruments.

For instance, for sandboxes and other innovation facilitators, eligibility requirements, procedures, rules, and outcomes should be widely accessible. Furthermore, the distribution of costs (between the central bank, users, banks, and merchants) for the issuance of CBDC should be transparent.

Finally, in using Big Data and AI, central banks should clearly communicate how associated insights are integrated into their decision-making process, transparently recognize the associated risks, and communicate about how they mitigate those risks through confidentiality protection, access rights, and data governance.

The application of general legal transparency requirements on fintech-related matters should be carefully assessed. Legally, transparency requirements in central bank laws typically take a two-fold form, requiring (i) the issuance of an annual report on the monetary, economic, and financial conditions of the country and the central bank’s monetary policy; and (ii) the publication of the audited annual financial statements31. Fintech could be relevant for both.

  • First, the annual reporting requirement could legally be extended to cover the impact of fintech—or per- haps digitalization more broadly—on the economy and the financial system and how the central bank has reacted to those developments.
  • Second, some aspect of fintech may have a direct impact on the financial reporting of central banks. For instance, if a central bank were to issue token-based CBDC, the chart of accounts could be adapted to reflect, under the liability account of “currency in circulation,” separate lines for banknotes (and coins) on the one hand and CBDC on the other hand. Since the chart of accounts is typically approved by the Oversight Board, this illustrates the link between transparency and the decision-making structures. Interestingly, in the Bahamas, the new central bank law does not require such a level of transparency by stipulating merely that “the aggregate amount of currency in circulation issued by the Bank shall appear as a liability in a statement of the accounts of the Bank” (Section 12(6)).
  • Third, and more broadly, the International Financial Reporting Standards require the disclosure of risk mitigation policies related to key balance sheet items. This may become relevant when a central bank embarks upon a major fintech endeavour.

The IMF’s Central Bank Transparency Code could offer further guidance on the matter32. New fintech innovations are relevant to all five pillars in the code (governance, policies, operations, outcomes, and official relationships).

For example, if CBDC is to be remunerated, this is an important monetary policy decision that should be explained to the public (for example, the nature of remuneration, rate, and what the motivations are). Central banks should publicly disclose their CBDC frameworks, and any targets used to pursue the objectives of monetary policy.

Fintech could also give rise to new and specific transparency requirements. Stakeholders could request an explanation of how and why the central bank took its decisions, which could be difficult to provide with the increasing opacity of algorithms and the complexity of the data.

In some countries, existing legal transparency requirements may already cover this issue, but in other countries specific new requirements could be tailored to respond to this development.


Central banks must be held accountable for their actions in relation to fintech as they are for any other decisions or actions they make. Central banks account for their decisions and actions so that stakeholders (the general public, the government, and market participants) can scrutinize the achievement of the central bank’s objectives.

As discussed above, fintech may result in an increase of central banks’ responsibilities and powers, their embrace of fintech to better serve their objectives, and an increase in their use of third-party service providers.

It is unlikely that the legal arrangements for accountability, enshrined in the central bank law, will fundamentally change because of fintech. Rather, the question is how central banks and their stakeholders can best apply those arrangements in the context of fintech.

For instance, when the central bank relies on third-party service providers (for example, cloud providers), contractual and other legal arrangements will need to establish a clear division of responsibilities between the parties.

This will facilitate accountability, though the central bank will likely be held accountable for the choice of its counterparties notwithstanding any contractual arrangement.

The recent data breach experienced in a third-party file sharing software by the Reserve Bank of New Zealand illustrates this point33. Another aspect is that the enlargement of central bank functions will require additional levels of accountability.

For example, the direct issuance of CBDC by central banks to the general public will require central banks to be accountable for the way they conduct customer due diligence and other broader AML/CFT compliance and legal requirements.

One new area of accountability pertains to decision-making based on AI and Big Data, which have inherent limitations that must be addressed by central bank governance34. Central banks will remain responsible for their organization’s action—AI cannot permit an abdication of responsibility.

Moreover, central banks should be accountable for the analytical tools and sources of data used to feed into their decision-making process.

A focus point in this regard is the protection of personal data35. Data protection laws may require compliance with new and complex data management obligations. Furthermore, central banks will be accountable to the scrutiny of a new type of stake- holder (that is, data subjects) that could comprise a large portion of the general public.

Whatever the applicable ‘data assurance framework’, accountability should be clearly allocated to the central bank’s decision-making bodies with regards to decisions related to the processing of personal data.


Fintech could have a major impact on the legal foundations of the governance of central banks, although fundamental changes to those foundations are not likely to be required. The following aspects will be particularly salient:

  • Fintech is having an impact on the mandate of central banks in three areas. First, fintech calls for reconsidering the adequacy of the legal formulation of the currency issuance and payment systems functions and powers. Secondly, in a few instances, fintech may lead to new statutory objectives, functions, and powers, highlighting the need to manage delicate trade-offs. Third, fintech offers opportunities for central banks to perform some of their traditional functions (for example, statistics) more effectively and efficiently, though novel legal challenges arise especially with respect to Big Data and AI.
  • Fintech puts pressure on the capability of the legal foundations of the decision-making structures of central banks to ensure their continued effectiveness in an increasingly digitalized world. The policy formulation bodies and Oversight Board should have sufficient fintech skills available to allow them to discharge their duties. In this regard, legal and other steps can be considered to bridge the gap. Executive management typically enjoys more flexibility to keep abreast of fintech developments, including by creating high-level chief digital officer positions and other internal structures, such as iLabs. However, these new positions and structures need to fit properly within the broader governance legal framework of the central bank.
  • Regarding autonomy, while fintech will not fundamentally alter the legal foundations for institutional, personal, and financial autonomy, it could still expose weaknesses in this regard. Fintech’s biggest impact will likely be on the functional autonomy for some key central bank functions. The role claimed by governments in designing CBDC will be an important issue to consider; the legal framework will need to carefully delineate the respective roles and responsibilities between the government and the central bank.
  • Legal arrangements for transparency are in most cases flexible enough to allow central banks to report on their fintech policies and use, although in some cases overly constraining provisions may occur. Transparent reporting on, for instance, the total amount of CBDC in circulation and the use of AI and Big Data will require a sound legal basis.
  • While the primary legal arrangements for accountability mechanisms are unlikely to change, their practical application will need to be adjusted to the advent of fintech, including through secondary legal instruments. A focus point should be policies and regulations governing the use of data and AI. Equally important, Codes of Ethics and Conduct can play a crucial role in regulating close contacts between central bank officials and fintech firms.

In response, central banks (and their political authorities) are taking steps to ensure that the legal foundations of their governance remain robust. For instance, legal mandates have been strengthened and new decision-making bodies or positions have been created to respond to fintech.

The experience thus far underscores that there is no ‘one size fits all’ solution: the response will be shaped by the context of central banks, including their mandate and legal-institutional set up. To assist central banks in the design of their responses, Box 4 sums up 10 concrete legal steps that they should take to prepare their governance for fintech.

As a final point, central bank law reform must be sufficiently broad to achieve appropriate levels of ‘agility’ to provide a ‘future-proof’ legal framework. For instance, legislation (and by extension the legal framework to which the central bank is subject) should to the maximum extent possible be technology neutral.

In addition, the use of open legal categories and possibly also well-designed ‘catch all’ provisions should be given due consideration.

Box 4. Ten legal steps a central bank must take to prepare its governance for a world of fintech

1. Objectives—As the central bank formulates its fintech policies, consider carefully the stated objectives of those policies, and align those with the current statutory objectives of the central bank.

2. Functions and Powers—Embark upon a comprehensive review of how the central bank will execute its statutory functions in a digitalized world and review the legal powers in the central bank law to ascertain whether the central bank can take all necessary actions to execute those statutory functions.

3. Data use—Establish robust governance structures and internal rules and procedures to ensure that data is processed, managed, and used in conformity with applicable laws and rules.

4. Crossborder collaboration—Where needed, review the legal basis to enter into crossborder inter-central bank collaboration arrangements and document such arrangements in the form of the most appropriate legal instrument.

5. Oversight board—Review (i) the eligibility criteria in the central bank law regarding members of the Oversight Board to ensure sufficiently strong technical skill sets, and (ii) the legal authorization in the central bank law for the Oversight Board to establish specialized sub-committees or adjust the mandate and composition of such existing committees (for example, on risk).

6. Senior fintech executives—When a new, fintech-focused senior executive function is created within the central bank, consult the legal department to ensure that key governance safeguards (clear chain of command, sound accountability, and no conflict of interest) are not undermined.

7. Autonomy—In designing central bank actions in response to fintech developments, care must be taken to maintain appropriate levels of functional autonomy of central banks, taking into account the specific needs and contours of each relevant function.

8. Transparency—Assess the legal framework for the general and financial transparency of the central bank to determine (a) on which fintech-related issues the central bank should report and (b) under which modalities.

9. Accountability—Review the legal framework for the central bank’s accountability to ensure that the central bank can be held accountable for its actions in response to fintech, paying special attention to data and AI governance.

10. Code of ethics—Review the effectiveness of the central bank’s Code of Conduct/Ethics against the backdrop of the specificities of high-level executive officers and staff dealing with fintech firms.


1. For the purposes of this note, fintech means “the advances in technology that have the potential to transform the provision of financial services spurring the development of new applications, processes, and products” as defined in the IMF report, The Bali Fintech Agenda, 2018, p. 12.

2. Central banks encounter these challenges in different roles: as catalyst, users, and providers of fintech, but also as overseers or supervisors of private entities using or providing fintech services. In this regard, the note will not discuss the governance aspects of the micro- or macro-prudential functions that can be entrusted to central banks.

3. For a broader introduction to this theme, see Bossu, W, and A Rossi. 2019. “The Role of Board Oversight in Central Bank Governance: Key Legal Design Issues” IMF Working Paper 19/293, International Monetary Fund, Washington, DC.

4. For example, CBDC issuance will unlikely address the existing instability or loss of confidence in national currency: IMF. 2020. “Digital Money Across Borders: Macro-Financial Implications.” IMF Policy Paper 2020/050: 28, International Monetary Fund, Washington, DC.

5. On constitutional provisions on currency: see Bossu, W, M Itatani, C Margulis, A Rossi, H Weenink, and A Yoshinaga. 2020. “Legal Aspects of Central Bank Digital Currency: Central Bank and Monetary Law Considerations” IMF Working Paper 20/254: Box 4, International Monetary Fund, Washington, DC.

6. See Auer, R, G Cornelli, and J Frost. 2020. “Rise of the central bank digital currencies: drivers, approaches and technologies.” BIS Working Paper No. 880, Bank for International Settlements, Basel, Switzerland.

7. See IMF. 2020. “Digital Money Across Borders: Macro-Financial Implications.” IMF Policy Paper 2020/050: 18, International Monetary Fund, Washington, DC.

8. For a detailed analysis, see Bossu, W, M Itatani, C Margulis, A Rossi, H Weenink, and A Yoshinaga. 2020. “Legal Aspects of Central Bank Digital Currency: Central Bank and Monetary Law Considerations” IMF Working Paper 20/254. International Monetary Fund, Washington, DC.

9. See Dabrowski, M “Potential Impact of Financial Innovation on Monetary Policy: In-Depth Analysis.” European Parliament: p 13. and Bofinger, P 2018 “Digitalisation of money and the future of monetary policy.” VOXeu CPER.

10. See IMF. 2021. “Central Bank Exceptional Measures in the COVID-19 Crisis: Key Legal Design Issues.” IMF Special Series on COVID-19, International Monetary Fund, Washington, DC.

11. See Bossu, W, Itatani, M, Margulis, C, Rossi, A, Weenink, H, and Yoshinaga, A, o.c., Box 6.

12. See BIS. 2020. “Annual Economic Report” Bank for International Settlements, Basel, Switzerland: 80–81.

13. See for example, Table 1 of Hauser, Andrew. 2017. “Fintech Accelerator: what have we done and what have we learned?” Remarks made to fintech firms in Cambridge, Bank of England, October 6.

14. On broader policy considerations, see Dobler, M, S Gray, D Murphy, and B Radzewicz-Bank. “The Lender of Last Resort Function after the Global Financial Crisis.” IMF Working Paper 16/10, International Monetary Fund, Washington, DC.

15. See for example, Article 7 26) and 26).1 of the National Bank of Ukraine Act and in Lebanon Article 133 of the law N81 of October 2018.

16. For instance, the PBoC has established the China Central Bank FinTech Committee to (a) reinforce the regulation, research and planning, as well as the coordination for the Fintech industry in China, (b) organize research to understand the impact of Fintech on monetary policy, capital market, finance market stability, payment and liquidation and (c) provide strategic planning and policy on the Fintech development in China.

17. Advisory boards could include mixed participants from the private and public sector. The Magyar Nemzeti Bank’s Digitalization and Fintech Advisory Board is a good example of this.

18. Among the 2,500 largest publicly listed companies, 338 chief digital officers were hired as of 2019. See Péladeau, P, and O Acker. 2019. “Have we reached ’peak’ chief digital officer?” strategy + business, March 26. An earlier study concluded that chief digital officers are typically responsible for strategic aspects of digital trans- formation, including its development and implementation and the communicative aspects, as well as the management of potential resistance: see Horlacher, A, and T Hess. 2016. “What Does a Chief Digital Officer Do? Managerial Tasks and Roles of a New C-Level Position in the Context of Digital Transformation.” Proceedings of the 49th Hawaii International Conference on Systems Sciences, January.

19. On this issue, see Bossu, W, and A Rossi. 2019. “The Role of Board Oversight in Central Bank Governance: Key Legal Design Issues” IMF Working Paper 19/293: paras. 69–80 and Box 3, International Monetary Fund, Washington, DC.

20. Other departments (for example, the research or monetary policy departments) can play a balancing role by assessing the potential risks of certain fintech developments.

21. This type of ‘fit and proper’ requirements would substantively be quite akin to those of banking and other forms of prudential supervision. On form, however, they would be quite different, in the sense that they would act not as formal legal requirements, but rather as ‘access criteria’ to the central bank. Procurement policies could also be an effective way to maintain oversight over a formal engagement with private sector stakeholders.

22. On this issue, see Bossu, W, and A Rossi. 2019. “The Role of Board Oversight in Central Bank Governance: Key Legal Design Issues” IMF Working Paper 19/293: Box 2, International Monetary Fund, Washington, DC.

23. On the challenges of legislating skill diversity, see Bossu, W, and A Rossi. 2019. “The Role of Board Oversight in Central Bank Governance: Key Legal Design Issues” IMF Working Paper 19/293: paras. 104–107, International Monetary Fund, Washington, DC.

24. For those Boards that are fully constituted but without fintech expertise, an additional legal question is whether the central bank law authorizes the appointment of an additional non-executive director specialized in fintech. To date, only a small group of central bank laws include provisions authorizing such an expansion.

25. For a brief overview of the various aspects of central bank autonomy, see Bossu, W, and A Rossi. 2019. “The Role of Board Oversight in Central Bank Governance: Key Legal Design Issues” IMF Working Paper 19/293: paras. 17–18, International Monetary Fund, Washington, DC.

26. On this important principle: See Bossu, W, S Hagan, and H Weenink. 2017. “Safeguarding Central Bank Autonomy: the role of transparency and accountability,” in “ECB Legal Conference 2017—Shaping a New Legal Order for Europe: a tale of crisis and opportunities,” European Central Bank, Frankfurt, Germany.

27. On Ministerial approval: see for example, Section 25(4) of the Bank of Canada Act, Section 27(1)(b) of the Bank of Tanzania Act, 2009, and Art. 17 in fine of the Act on the Central Bank of Iceland, 2019. On mandatory consultation of the minister, see for example, Section 22(2) of the Central Bank of Kenya Act.

28. See Taylor, Charles R, Christopher Wilson, Eija Holttinen, and Anastasiia Morozova, 2019, “Institutional Arrangements for Fintech Supervision and Regulation.” IMF Fintech Note 19/02: 5, International Monetary Fund, Washington, DC.

29. For a more detailed discussion, see IMF. Forthcoming “The Macrofinancial Implications of Data in the Digital Age.” IMF Staff Discussion Note, International Monetary Fund, Washington, DC.

30. See Smets, J 2016. “Fintech and Central Banks.” Fintech and the Future of Retail Banking, Brussels.

31. Several central banks are also subject to Freedom of Information laws, which are beyond the scope of this note.

32. The Central Bank Transparency Code (

33. On 15 February 2021, the RBNZ issued the following statement: Our response to Data Breach – Reserve Bank of New Zealand (

34. For instance, not all data are well documented, some data suffer from coverage bias, and AI algorithms can have coding errors or could be biased.

35. IMF. Forthcoming. “The Macrofinancial Implications of Data in the Digital Age.” IMF Staff Discussion Note, International Monetary Fund, Washington, DC.

This article is based on a note prepared by Marianne Bechara, Wouter Bossu, Yan Liu, and Arthur Rossi, August 2021, for the International Monetary Fund. The main ideas of this note were discussed during the 6th High Level Forum on Central Bank Governance in Dubai on 23 January 2020, co-organized by the IMF and Hawkamah, the Institute for Corporate Governance. The note has benefitted from comments from IMF staff and Anthony Beaves, Kerry Beaumont, Marie Bessala, Carine Chartouni, Cristiano Cozer, Giorgi Dzigualishvili, Christopher Hunt, Masaru Itatani, Christoph Keller, Manuel Monteagudo, Mohammed Nyaoga, Catherine Parr, Onenne Partsch, Kemar Richards, Steve Thomas, Chia Yi Tan, Marcela Tapia, Maria del Carmen Urquiza, Luis Urrutia, Kristof Van Nuffel, Paul Yuen, and Chiara Zilioli.

Annex 1. Breakdown of the innovation facilitators per central bank1

1. Innovation Facilitators exclusively operated by non-central bank supervisory agencies are not included in this list.

Annex 2. List of central bank iLabs

Translate »