In a Fintech Note published in November 2025, IMF authors stress that jurisdictions designing rCBDCs should conduct thorough, ongoing anti–money laundering and counter-terrorist financing (AML/CFT) risk assessments and adopt a risk-based approach to mitigation.

The paper highlights key design choices, including token- versus account-based models, intermediated distribution, offline functionality and privacy features, that have major implications for who holds responsibility for AML/CFT controls.

The IMF notes that many central banks favour intermediated rCBDC models, in which licensed financial institutions apply AML/CFT measures. That approach can harness existing supervisory frameworks but may require legal updates and capacity building, particularly where non-bank intermediaries such as telecom operators are considered.

Regulators will need clear rules on customer due diligence, record-keeping and transaction monitoring to avoid creating weak links in the payments ecosystem.

Privacy and offline payments, features often prioritised to increase uptake, add further trade-offs. The note recommends privacy-preserving options combined with regulatory safeguards so that user protection does not become a loophole for illicit flows. Offline functionality should be carefully limited and coupled with measures to preserve traceability where necessary for AML/CFT purposes.

For African authorities, the IMF urges early stakeholder engagement, pilot-based risk learning and investment in supervisory capacity. The authors recommend that the rollout be phased and accompanied by updates to legal frameworks so the central bank, financial supervisors and law enforcement can co-operate effectively.

–IMF/ChannelAfrica–