Wholesale CBDC Application Workflow

The wholesale central bank digital currency (CBDC) scenario represents currency that is distributed through a structured financial institution hierarchy.

In this scenario, the central bank approver governs all central bank operations, while financial institution approvers govern internal transfers at the institutional level. Tokens are minted by the creator and issued to financial institution officers by the issuer. Financial institution officers then issue the tokens to financial institution users. Tokens can be burned by the retirer. In the non-confidential version, all transaction details including participant account information and actual balance values are stored directly on the public ledger in plain form. There is no separation between sensitive and non-sensitive data, making it suitable for environments where transaction privacy is not required.

Minter, burner, and notary roles are required.
The burner role is assigned to the retirer. Regular users cannot burn their own tokens.
All hold-based transfers run in two steps: first the holdTokens API and then either the executeHoldTokens or releaseHold API.
The issuer acts as the distribution point, choosing whether to route tokens to the financial institution hierarchy or to the retirer.

The following table summarizes the actors in this scenario.

Actor	Role	Description
Administrator	Token Admin	Initializes the system, assigns roles.
Creator	Minter	Requests minting of tokens and receives minted tokens.
Central Bank Approver	Notary	Approves all operations at the central bank level.
Issuer	none	Receives tokens from the creator, routes tokens to the financial institution officer or retirer.
Financial Institution Officer	none	Receives tokens from the issuer, distributes tokens to financial institution users.
Financial Institution Approver	Notary	Approves hold transfers from financial institution officer to financial institution users.
Financial Institution User	none	Final recipient of transferred tokens at a financial institution.
Retirer	Burner	Receives tokens from the issuer and sends burn requests to the central bank approver.

The administrator completes the following steps to initialize the system.

Initialize the CBDC system by using the initializeCBDCToken API.
Register organizations by using the registerOrg API.
Create accounts by using the createAccount API.
Associate the token to accounts by using the associateTokenToAccount API.
Assign the minter role to the creator, the notary role to the central bank approver, and the burner role to the retirer by using the addRole API.

After the system is initialized, a typical process flow follows these basic steps.

Mint currency.
1. The token creator uses the requestMint API to submit a request to mint deposit tokens.
2. The central bank approver uses the approveMint API to review and approve the mint request. The tokens are credited to the creator's account. Alternately, the central bank approver can use rejectMint API to deny the request.
Transfer tokens to the issuer.
- The creator uses the transferTokens API send tokens to the issuer.
Transfer tokens to financial officers.
1. The issuer uses the holdTokens API send tokens to a financial institution officer.
2. The central bank approver uses the executeHoldTokens API to validate and approve the transfer request. Alternately, the central bank approver can use the releaseHold API to reject the transfer.
Issue tokens to users.
1. The financial institution officer uses the holdTokens API send tokens to a financial institution user.
2. The financial institution approver uses the executeHoldTokens API to validate and approve the transfer request. Alternately, the financial institution approver can use the releaseHold API to reject the transfer.
Burn tokens.
1. The issuer uses the transferTokens API to transfer tokens to the retirer.
2. The retirer uses the requestBurn API to send a burn request to the central bank approver.
3. The central bank approver uses the approveBurn API to approve the burn request, and the tokens are destroyed. Alternately, the central bank approver can use the rejectBurn API to reject the request.
Verify token balance.
- Users can use the getAccountBalance API to get the total number of currency they hold.