Design note – Intermediary roles and scheme rulebook

Design notes

Introduction

A key part of the digital pound design phase is the development of a digital pound blueprint – a comprehensive description of how a potential digital pound could work in practice. Alongside this, the Bank and HM Treasury are creating an assessment framework to evaluate the costs and benefits of a digital pound. This assessment will be based upon the design proposed in the blueprint.

As outlined in the Blueprint Framework design note, the eventual blueprint is anticipated to be organised around four key pillars:^{footnote [1]}

• Product vision and strategy: An articulation of the digital pound proposition, including how a digital pound could meet our policy goals, and the utility a digital pound could provide to users, merchants and ecosystem participants.
• Scheme^{footnote [2]} and regulation: The terms and standards for the use and operation of a digital pound, including definition of the roles and responsibilities of both the private and public sector, and matters related to the commercial model for the digital pound.
• Technology: The conceptual and logical design of the technology platform for the core digital pound infrastructure, and the solutions and technologies that payments interface providers (PIPs) and external service interface providers (ESIPs) might need to interact with it across the digital pound ecosystem.
• Operations: The different roles, functions, and levels of service required for a continuously available, secure and resilient digital pound infrastructure.

This design note focuses on a subsection of the Scheme and Regulation pillar – the potential role of intermediaries in a digital pound ecosystem. It builds upon previous policy work to set out emerging thinking on how potential digital pound intermediaries, PIPs and ESIPs, might operate under a digital pound scheme rulebook and interact with the digital pound core platform. PIPs and ESIPs will be responsible for delivering user-facing digital pound services, ensuring those services are innovative, secure, reliable and consistent for end users.

The Bank anticipates that, in addition to any legislative and regulatory requirements that would apply to PIPs and ESIPs, it may be necessary to set out additional requirements in a 'scheme rulebook' or similar document in place between the Bank and intermediaries. This scheme rulebook could set out requirements on PIPs and ESIPs that would help facilitate the proper management of the digital pound. These may include granular rules that would help improve consistency in how intermediaries deliver services to end users, processes for dealing with refunds and disputes, and reporting requirements.

This note focuses specifically on the ‘scheme rulebook’, outlining our early thinking on how it might apply to these intermediaries, its possible structure and content. It will look to include the following broad elements:^{footnote [3]}

• Actors – The key participants in the digital pound ecosystem, including the Bank of England (as the operator of the digital pound), PIPs and ESIPs.
• System management – The governance and operational oversight of the digital pound payment system, ensuring it remains secure, reliable and consistent.
• Obligations and minimum standards – Requirements for intermediaries such as cybersecurity, limits, anti-money laundering (AML)/countering the financing of terrorism (CFT), interoperability, privacy and branding standards.
• Activities and provision of services – The core functions intermediaries are expected to support, such as payments, transfers, funding, defunding, access to cash, offering different payment types and digital pound account switching.^{footnote [4]}
• Compliance – The governance of intermediaries, including adherence to the scheme rulebook, and enforcement mechanisms.

This design note focuses on the role of intermediaries under the scheme rulebook. Other aspects of the ‘Scheme and Regulation’ pillar – including broader regulatory considerations and the potential regulatory framework for the digital pound – will be covered in future sections of the digital pound blueprint. This note does not comment on any potential regulatory regime, which would be subject to further work.

The digital pound

The February 2023 Consultation Paper, January 2024 Consultation Response and 2025 Progress Update outline our work thus far on a potential digital pound in detail. This design note assumes familiarity with our proposed design for the digital pound, outlined in previous publications. It focuses on our initial thinking regarding how intermediaries would support its delivery.

For the purposes of this design note, the key features of a digital pound are:

• Issued by the Bank
• Always remains a direct liability of the Bank.
• Interchangeable with other forms of money, like cash, bank deposits and potential new forms of digital money like stablecoins.
• Delivered via a public-private platform, with intermediaries responsible user-facing services, including Know Your Customer (KYC) checks and the management of users’ personal data.
• Neither the Government nor the Bank would have access to digital pound users’ personal data.

The role of intermediaries

We expect digital pound intermediaries to function within a structured ecosystem, with defined obligations, roles and relationships and with a clear framework of their rights, rules and responsibilities. They will provide the user-facing services that allow individuals and businesses to access and use digital pounds, while the Bank will maintain the core ledger.

PIPs will provide the primary access to digital pound services for users. This will include providing wallet services, initiating payments and managing user interactions with the digital pound. PIPs would integrate with the core ledger via application programming interfaces (APIs).

ESIPs will provide value-added services such as payment initiation and financial data tools. ESIPs are unlikely to require integration with the core ledger, instead working with PIPs to facilitate connections with users’ digital pound accounts. However, we are open to reconsidering this in light of evidence of potential user-facing services that would benefit from access to the core ledger.

The Bank will build and operate the core infrastructure, maintaining ledger integrity, and processing and settling payments made between users. This structured approach allows for competition and innovation while ensuring consistency and security.

Payments interface providers

PIPs are anticipated to be responsible for providing essential digital pound services to end users. These include:

• Providing digital pound accounts.^{footnote [5]}
  • Onboarding users, registering accounts and closing accounts when necessary.
  • Providing the connection between a user and their account, which includes performing KYC checks, while maintaining compliance with data protection and privacy rules.^{footnote [6]}
• Initiating and receiving payments.
  • Sending payment instructions to the Bank’s core ledger to transfer digital pounds between accounts and providing an account to receive digital pound payments.
  • Managing payments efficiently while ensuring compliance with applicable rules.
• User wallet^{footnote [7]} management.
  • Providing interfaces for users to check balances, view transaction history and manage digital pound holdings.
  • Ensuring secure and accessible wallet functionality across different form factors (eg mobile phones, physical cards, etc).

These functions support PIPs delivering a core user experience that is consistent and seamless across the digital pound ecosystem, on top of which PIPs would have the flexibility to create varied and innovative propositions that serve different customer bases.

Having this direct interface with the ledger, and responsibility for the provision of primary access for users, gives PIPs significant responsibility in the digital pound ecosystem. Therefore, we anticipate PIPs would face greater obligations under our scheme rulebook than ESIPs would.

At the same time, unlike payment systems today, end-users’ funds will be held on the Bank’s core ledger, rather than on the balance sheet of commercial banks, and the Bank will be responsible for transferring holdings. This might improve PIPs' ability to manage their operational risks and therefore make it easier for them to meet their obligations.

We are open to exploring the potential use cases, services and business models that potential PIPs could offer under these definitions and core functions. This will allow us to better understand how we can facilitate user-facing services that are varied, innovative and commercially viable.

External service interface providers

We anticipate ESIPs will offer specialised services that enhance the digital pound experience but do not involve directly managing funds. Users would have the choice to use ESIP services in addition to the core offering provided by their PIP, and we would also expect some entities to act both as PIPs and ESIPs. We anticipate these services could fall into two broad categories:^{footnote [8]} Payment ESIP services and Data ESIP services.

Payment ESIP services

• Enabling users to initiate payments via third-party apps (eg social media or e-commerce platforms).
• Connecting to a user’s PIP to initiate transactions with their permission.

Data ESIP services

• Providing financial insights, such as spending analysis and budgeting tools.
• Accessing user data (with permission) to offer value-added financial services.
• Sharing user data with other parties (eg PIPs), subject to user permission, to support certain account functions, such as on-boarding.

We expect that ESIPs would operate by connecting to a PIP, meaning they would not be able to connect directly to the digital pound’s core platform. This model should ensure that financial transactions and data-sharing are handled within a secure framework. Owing to these restrictions, we anticipate ESIPs would be subject to fewer rules and obligations than PIPs.

We also anticipate that this set-up would encourage the participation of firms in the digital pound whose main business is outside of payments. For example, payment ESIPs could consist of messaging services, whereby users could initiate payments to each other via group chats (eg to split the bill at a restaurant). To facilitate the creation of services like these, we are keen to lean on learnings from comparable payment initiatives where possible – for example, using our scheme rules to set commercial incentives for PIPs and ESIPs to work together.

We are aware that these categories may not be exhaustive, and we are actively considering other potential business models and use cases. We are also exploring the appropriate relationship between PIPs and ESIPs and their relative permissions, in the context of supporting a vibrant and well-functioning intermediary ecosystem.

We are interested in exploring the role of ESIPs in the digital pound, the overall attractiveness of either category of ESIP services, and what use cases and business models could be provided under each. In particular, we are keen to explore how the relationship and separation of responsibilities between PIPs and ESIPs can support the provision of innovative digital pound services.

Evolution of payment business models

PIPs will perform similar functions to those performed by banks, payment service providers (PSPs) and fintech firms today, such as AML/CFT checks, issuing payment instruments (eg cards) and authenticating payments. But there are some key differences.

The most significant change is that a digital pound is a direct liability of the Bank of England and is thus a financially risk-free asset. This means that a PIP does not maintain its own balance sheet for users’ accounts. This should allow them to focus more on service innovation than firms that are responsible for deposit-taking, custody of client assets, or balance sheet dependent financial intermediation like mortgage lending. This supports innovation and growth by making it easier for new entrants, fintech and non-traditional players to participate in the digital pound ecosystem. This should also allow incumbent payments firms to provide additional services beyond their current offerings, through the digital pound.

As we develop the ‘Scheme and Regulation’ component of the blueprint further, we will look to determine the specific obligations of both PIPs and ESIPs, relative to comparable businesses today. Throughout this process, we believe the digital pound represents an opportunity to support intermediaries in delivering growth and innovation in retail payments, while managing risks proportionately.

We are interested in exploring how existing business models in payments would translate to the digital pound. In particular, we want to explore whether there are meaningful differences between the core roles and responsibilities of PIPs and ESIPs described in this note, and the role of banks, PSPs and fintechs in existing payment systems.

Context of a scheme rulebook

We foresee the rules and obligations that digital pound intermediaries will face coming from a range of sources. Together, we envisage these different sources of rules forming a wider governance framework to manage the full set of risks posed by digital pound intermediaries.

A clear governance framework is essential to delivering a secure, reliable and consistent digital pound ecosystem. There is the potential for a digital pound governance framework to facilitate growth by providing opportunities for entrants and a platform for innovation.

In the financial services sector, in order to manage risks and/or ensure the smooth operation of the wider ecosystem, it is common for firms to have their activities governed by a combination of legislation, regulation, supervisory requirements, contractual arrangements, and industry standards. A digital pound ecosystem is expected to follow a similar structure, with the majority of requirements coming from the following sources:

• Primary Legislation – an Act of Parliament that provides the legal foundation for a digital pound.
• Regulation (and Regulatory Guidance) – A set of binding rules issued under an enabling Act of Parliament. Regulations would define who could participate in a digital pound ecosystem, how they must conduct their business and what safeguards must be in place. Compliance is mandatory. Further work is required on the specifics of regulation for digital pound intermediaries and responsibility for enforcement – it is therefore out of scope for this note.
• Scheme rulebook – A set of operational, technical and procedural rules that would help ensure the smooth management of the digital pound system. The scheme rulebook could outline how intermediaries interact with the Bank’s digital pound platform, what standards they must meet and how disputes are handled. Compliance with such a rulebook may be a condition of participation, in a similar way to how payment systems operators commonly require participants to comply with a rulebook in order to participate in any payment system today. Depending on the final contents of any scheme rulebook, a decision will need to be made on how the requirements set out in the rulebook would be imposed on digital pound intermediaries.

The digital pound scheme rulebook

A scheme rulebook would be an important mechanism for defining responsibilities for participants in the digital pound, including intermediaries. It would seek to ensure that participants operate within a consistent and enforceable framework, supporting consumer protection, operational integrity and effective oversight.

Outline of a scheme rulebook

At a high level, below is a working outline of a potential digital pound scheme rulebook. This is likely to include the following elements:

• Objectives.
• Digital pound scheme scope (scope, the binding nature of the rulebook, compliance).
• Role of ‘scheme actors’ (digital pound scheme operator, PIPs, ESIPs, end-users and merchants).^{footnote [9]}
• Business and operational model and procedures (limits, transaction processing, settlement and related requirements).
  • Risk management.
  • Fraud and financial crime prevention.
  • Incident management and contingency arrangements.
• Rights and obligations of participants (access and eligibility for participation, obligations, minimum standards, privacy and data protection, fees and charges).
  • Access and eligibility criteria.
  • Consumer protection measures such as disputes and refunds.
  • Minimum requirements for digital pound wallet.
  • Cybersecurity standards.
• Technical scheme requirements (eg intermediary certification, API integration, user experience requirements, user journeys, compatibility and end-to-end flows).
• Scheme management.
  • Management of the maintenance and operation of the scheme.

This overview is indicative and subject to change as the scheme design evolves. It does not represent the final structure of a digital pound scheme rulebook, and where there are overlaps with any new or existing legislation or regulation, the scheme rulebook may be expected to supplement or cross-refer to requirements set out in such legislation or regulation (so the indicative overview does not presuppose the content of any statute or regulation). Given the scheme rulebook’s role (described above) as a more granular application of requirements, it is possible that for areas where regulation is particularly detailed, these may not need to be included in scheme rules.

We are interested in exploring any further areas of a potential digital pound scheme rulebook that are not covered by this outline, but are of importance to the effective governance and participation of intermediaries. This will allow us, particularly as we consider on feedback on our design notes, to develop a scheme rulebook that governs risks effectively, and gives intermediaries clarity on the terms of their participation and role in the digital pound.

Key components of a scheme rulebook

The scheme rulebook could set out the operational, technical and governance requirements for the digital pound, with a view to promoting a fair, transparent and well-governed ecosystem for all participants. It will define the conditions that must be met to participate, how participants must operate, and their rights and obligations.

A scheme rulebook could potentially be structured around five key elements:

Compliance

All intermediaries would be expected to adhere to the rules and requirements set out in a scheme rulebook, alongside all other applicable laws and regulations. The scheme rulebook will work along with relevant laws and regulation in for ensuring that all participants operate fairly and responsibly.

Actors

The rulebook will define the roles, responsibilities and interactions of all participants to ensure clarity and accountability.

Key actors include PIPs, ESIPs and the Bank (as the digital pound operator), as described above.

Scheme management

The scheme rulebook will establish governance and operational rules for managing and maintaining the digital pound system.

Key aspects of operational governance include:

• Governance and oversight – the framework for managing policy updates, intermediaries. compliance, reporting requirements and dispute resolution between intermediaries.
• Operations and maintenance – Standard for ensuring the continuous and secure operation of a digital pound system.
• Participation criteria – The eligibility and requirements for PIPs and ESIPs to join and remain in the scheme. For example, verifying that they have received the required licenses and authorisation from the competent regulator.

Effective scheme management will ensure that the digital pound remains aligned with digital pound policy goals.

Obligations and minimum standards

Were a digital pound to be launched, intermediaries will be expected to meet operational, security and service quality standards to ensure the integrity and reliability of the digital pound.

The following list is non-exhaustive includes expected minimum obligations are anticipated to apply to intermediaries:

• Cybersecurity requirements – requirement to have cybersecurity controls and procedures to deal with cybersecurity incidents.
• Limits^{footnote [10]} – mechanisms to implement the limits on digital pound holdings set by the Bank.
• AML and CFT – processes and controls to ensure that intermediaries are able to comply with applicable AML and CFT measures, including Customer Due Diligence (CDD) and Know Your Customer (KYC) requirements to mitigate risks of illicit financial flows.
• Interoperability standards – meeting the standards required to utilise any digital pound integrations with other payment systems.
• Privacy and data protection – measures to support ongoing compliance with UK General Data Protection Regulation and any other applicable rules relating to user data security. Users’ rights on privacy will be guaranteed.
• Branding and user experience – maintaining a consistent and accessible experience for all digital pound users, in order to support trust, confidence and inclusion.
• Business requirements – the standards and conditions intermediaries must adhere to in interaction with end users, covering for example, permissible and prohibited actions, fee structures and possible restrictions on fees and other regulated activities.

These obligations and standards are still being assessed and are not final. The objective is to ensure that all intermediaries operate safely, protect users, maintain integrity and support the sustainability and efficient functioning of a digital pound.

Activities and provisions of services

If a digital pound were to be launched, the rulebook would define the core activities and services intermediaries must support to ensure a digital pound is fully functional and accessible.

Key activities are expected to include:

• Payments and transfers – enabling users to send and receive digital pounds seamlessly.
• Funding and defunding – Allowing users to convert bank deposits or cash into digital pounds.
• Payment types – Supporting different transactions methods, such as peer-to-peer payments, merchant transactions (both online and in-store) and bill payments.
• Account switching – Allowing users to easily switch between PIP providers without losing access to their digital pounds.

By clearly defining these activities, the rulebook will ensure that users receive a reliable, consistent and seamless payment experience.

Critical compliance and risk considerations

To ensure security, integrity and resilience of a digital pound ecosystem, intermediaries must comply with regulatory and operational standards. This section expands on the specific risk and compliance areas^{footnote [11]} that are critical to maintaining a trusted and secure system.

The scheme rulebook, alongside broader UK financial regulations will define requirements in the following areas:

• Privacy and data protection.
• Cybersecurity.
• Anti-money laundering, countering the financing of terrorism and fraud.
• Digital pound wallet standards related to minimum functionality and security.
• Risk management.
• Incident management.

These areas ensure that a digital pound remains safe, user friendly and resilient against financial crime and cyber threats.

Privacy and data protection

Privacy and data security is a key requirement for the digital pound. If a digital pound were to be launched, intermediaries would be responsible for handling user data and transaction information.

The scheme rulebook would therefore play a complementary role to relevant regulations in defining intermediaries’ obligations in this area. Scheme rules would uphold the rigorous standards of privacy and data protection specific to the digital pound, ensuring compliance with legal requirements and industry best practices and standards. These measures will balance privacy at the PIP layer with compliance, ensuring that digital pound transactions remain confidential and secure.

These requirements will uphold our commitment that the Bank will not be able to view users’ personal data. Legislation introduced by the Government for a digital pound would guarantee users’ privacy, and a potential digital pound scheme rulebook would reflect and support this commitment.

Cybersecurity

Cyber threats that could result in undesirable effects on the confidentiality of end user personal and transaction data, impact the integrity of individual transactions and/or the overall ecosystem, or affect the operational resilience and availability of the ecosystem, could severely undermine trust in the digital pound and have wider impact in the UK financial system and economy, and reputational impact on the Bank.

Protecting the digital pound ecosystem from cyber threats, fraud and operational disruptions will therefore be essential.

Cybersecurity threats are constantly evolving. Were a digital pound to be launched, the scheme rulebook will establish security standards for intermediaries, with a view to ensure that intermediaries employ robust measures identify, prevent and respond to cybersecurity incidents.

The effectiveness of the implementation of the measures by intermediaries will also need to be monitored using appropriate oversight mechanisms. A robust cybersecurity framework would ensure that the digital pound, if launched, is a safe and trusted payment option for users.

Anti-money laundering and countering the financing of terrorism

Intermediaries will play a critical role in preventing financial crime, ensuring that digital pounds are not misused for illegal activities. They will act as a first line of defence and will be expected to comply with AML obligations. The relevant requirements in the scheme rulebook will ensure that the digital pound meets international financial integrity standards (eg the Financial Action Task Force recommendations), protecting the system from illicit use.

These controls required from intermediaries might be complemented by mechanisms implemented at central platform level (by the scheme operator in the Bank’s platform model), potentially offering a multi-layer defence mechanism to prevent AML and fraud. This will need to be explored further before any decision is made.

The scheme rulebook will operate in conjunction with any potential centralised prevention mechanisms ensuring a cohesive and effective approach to combating money laundering and terrorist financing.

Digital pound wallet standards

Since users will not hold digital pounds directly with the Bank of England, intermediaries must provide wallet services that meet minimum functionality and security standards.

If a digital pound were to be launched, intermediaries will be expected to:

• Allow users to open, manage and close wallets easily
• Ensure real time balance visibility and transaction history tracking
• Enable seamless payments and transfers across the ecosystem
• Support account switching, allowing users to move between PIPs without losing access to their digital pounds.

By setting consistent standards, the scheme rulebook will ensure that all digital wallets deliver a reliable, user-friendly experience. The Bank is currently exploring the potential for a Bank provided Software Development Kit (SDK) to support a greater range of intermediaries that can develop wallets and enhance digital pound payments. Any provision of an SDK will need to meet the Bank’s objectives in supporting developers to enable innovative propositions that benefit end users and drive competition. The Bank recognises the role of SDKs in becoming an industry standard and the importance it can have on the success of potential digital pound intermediaries.

Risk management

This section highlights the risk management requirements necessary to maintain operational resilience.

Intermediaries could, for example, be required to:

• Develop risk management frameworks to identify assess and mitigate threats to their operations
• Ensure business continuity including disaster recovery plans in the case of system failures or cyber incidents
• Maintain regulatory compliance to prevent legal and reputational risks

By enforcing strong risk controls the scheme rulebook will help protect users maintain system integrity and prevent disruptions.

Next steps

Over the coming months and throughout the remainder of the digital pound design phase, work will continue on the development of a potential digital pound scheme rulebook and its wider regulatory framework, as part of the ‘Scheme and Regulation’ pillar of the blueprint. This will include further analysis on the risks posed by, and appropriate obligations and liabilities for, different participants. The Bank will continue to engage with stakeholders including banks, payment service providers, fintechs and merchants, through existing forums and additional publications. Our aim is to ensure stakeholders are kept informed and involved throughout the design phase, ensuring they can provide valuable input to shape our work.

More details about our recent and upcoming efforts in the digital pound design phase can be found on our news page.

We welcome feedback on the considerations set out in this design note, particularly on the potential role of ESIPs and the scheme rulebook. You can share your feedback via email to CBDC@bankofengland.co.uk.