00 Cover letter

Welcome to the official

White Paper

Scroll to Read

White Paper v2.0

Cover letter

Note to Readers: On December 1, 2020, the Libra Association was renamed to Diem Association. This white paper, originally published by the Libra Association in June 2019 and then re-issued as a stand-alone update in April 2020, replaces previous versions published by the Association. Supporting technical papers published by the Libra Association in June 2019, have either been edited or retired. Features of the project as implemented may differ based on regulatory approvals or other considerations, and may evolve over time.

The Libra Association’s mission is to enable a simple global payment system and financial infrastructure that empowers billions of people. The Association’s first step toward creating a more inclusive and innovative financial system began in June 2019 with the announcement of the project. Our goal was to establish a collaborative dialogue early in the journey. We have worked with regulators, central bankers, elected officials, and various stakeholders around the world to determine the best way to marry blockchain technology with accepted regulatory frameworks. Our objective is for the Libra payment system to integrate smoothly with local monetary and macroprudential policies and complement existing currencies by enabling new functionality, drastically reducing costs, and fostering financial inclusion.

The Association has made changes to its initial approach, many of which depart from the approaches taken by other blockchain projects. The Association’s goal was never to emulate other systems, but rather to leverage the innovative approach of using distributed governance through Association Members and distributed technology to create an open and trustworthy system. By undertaking the difficult work of enhancing traditional financial systems to become programmable, interoperable, and upgradeable, we hope to allow others to leverage our efforts to build innovative but also safe and compliant financial applications that can serve everyone. We appreciate the discussions with policymakers around the world who have helped us understand key concerns so that we can integrate actionable improvements into the Libra payment system’s design and into a phased rollout plan.

This updated white paper outlines the significant work we have done on the design of the Libra payment system since June 2019. Four key changes have been made to address regulatory concerns that deserve specific attention, each of which is addressed briefly below and then in more depth in the updated white paper:

Offering single-currency stablecoins in addition to the multi-currency coin.
Enhancing the safety of the Libra payment system with a robust compliance framework.
Forgoing the future transition to a permissionless system while maintaining its key economic properties.
Building strong protections into the design of the Libra Reserve.

Offering single-currency stablecoins in addition to the multi-currency coin

While our vision has always been for the Libra network to complement fiat currencies, not compete with them, a key concern that was shared was the potential for the multi-currency Libra Coin (≋LBR) to interfere with monetary sovereignty and monetary policy if the network reaches significant scale and a large volume of domestic payments are made in ≋LBR. We are therefore augmenting the Libra network by including single-currency stablecoins in addition to ≋LBR, initially starting with some of the currencies in the proposed ≋LBR basket (e.g., LibraUSD or ≋USD, LibraEUR or ≋EUR, LibraGBP or ≋GBP, LibraSGD or ≋SGD). This will allow people and businesses in the regions whose local currencies have single-currency stablecoins on the Libra network to directly access a stablecoin in their currency. Each single-currency stablecoin will be fully backed by the Reserve, which will consist of cash or cash equivalents and very short-term government securities denominated in that currency. We hope to work with regulators, central banks, and financial institutions around the world to expand over time the number of single-currency stablecoins available on the Libra network. ≋LBR will not be a separate digital asset from the single-currency stablecoins. Under this change, ≋LBR will simply be a digital composite of some of the single-currency stablecoins available on the Libra network. It will be defined in terms of fixed nominal weights, such as the Special Drawing Rights (SDR) maintained by the International Money Fund (IMF). ≋LBR can be used as an efficient cross-border settlement coin as well as a neutral, low-volatility option for people and businesses in countries that do not have a single-currency stablecoin on the network yet. This approach has the added benefit of allowing the network to support a wider range of domestic use cases and of providing a clear path for seamlessly integrating central bank digital currencies (CBDCs) as they become available. For more details, click here.

Enhancing the safety of the Libra payment system with a robust compliance framework

Our goal is to develop a system designed to ensure compliance with applicable laws and regulations while supporting our objectives of openness and financial inclusion. Integrated safeguards enable people and businesses to trust the security and integrity of the Libra payment system. The Association has incorporated feedback from regulators and continues to develop a comprehensive framework for financial compliance and network-wide risk management as well as strong standards for Anti-Money Laundering (AML), Combating the Financing of Terrorism (CFT), sanctions compliance, and the prevention of illicit activities. This includes the establishment of a Financial Intelligence Function (FIU-function) to help support and uphold operating standards for network participants. The Libra network distinguishes between four categories of participants: (i) Designated Dealers; (ii) Virtual Asset Service Providers (“VASPs,” including exchanges and custodial wallets) that are registered or licensed as VASPs in a Financial Action Task Force (FATF) member jurisdiction, or are registered or licensed in a FATF member jurisdiction and are permitted to perform VASP activities under such license or registration (Regulated VASPs); (iii) VASPs that have completed a certification process approved by the Association (Certified VASPs); and (iv) all other individuals and entities seeking to transact or provide services through the Libra network (Unhosted Wallets). Unhosted Wallets enable financial inclusion, broad competition, and responsible innovation and thus facilitate the creation of services for the unbanked and underbanked. Since their activities may pose a greater risk, they will be subject to balance and transaction limits. Initially, the network will only be accessible to Designated Dealers and Regulated VASPs while the Association continues to develop its certification process for other VASPs and its compliance framework for Unhosted Wallets based on the feedback received from regulators. The Association intends to make the network accessible to Certified VASPs and Unhosted Wallets once the relevant compliance frameworks have been finalized. For more details, click here.

Forgoing the future transition to a permissionless system while maintaining its key economic properties

Regulators raised thoughtful questions about the perimeter of control for the Libra network — in particular, the need to guard against unknown participants taking control of the system and removing key compliance provisions. We believe it is possible to replicate the key economic properties of a permissionless system through an open, transparent, and competitive market for network services and governance, all while incorporating the robust due diligence of Members and validators that is inherent to a permissioned system. For more details, click here.

Building strong protections into the design of the Libra Reserve

We have had constructive discussions with regulators on how to handle extreme situations — in particular, how the Reserve would function in stressed scenarios and what claims and protections are in place for Libra Coin holders. We have incorporated strategies in the design and structure of the Reserve that are based on approaches in other systems. The Reserve will hold assets with very short-term maturity, low credit risk, and high liquidity. It will also maintain a capital buffer. For more details, click here.

This updated Libra white paper documents the mission and mechanisms supporting the Libra payment system while seeking to provide greater detail on key areas of importance. Furthermore, we hope this document opens the door to building broader public-private partnerships with the shared goals of advancing global payments efficiency and expanding financial inclusion.

Section 01

Introduction

The advent of the internet and mobile broadband has empowered billions of people globally by providing access to the world’s knowledge and information, high-fidelity communications, and a wide range of lower-cost, more convenient services. These services are now accessible using a $40 smartphone from almost anywhere in the world.¹

Despite this connectivity, large swaths of the world’s population are left behind — 1.7 billion adults globally remain outside of the financial system with no access to a traditional bank, even though one billion have a mobile phone and nearly half a billion have internet access.² For too many, parts of the financial system look like pre-internet telecommunication networks. Twenty years ago, the average price to send a text message in Europe was 16 cents per message.³ Prices were high but were the same for everyone. Today, people with less money pay more for financial services. Hard-earned income is eroded by fees, from remittances and wire costs to overdraft and ATM charges.

Blockchains have a number of unique properties that can potentially address some of the problems of accessibility and trustworthiness. These include distributed governance, which ensures that no single entity controls the network; open access, which allows anybody with an internet connection to participate; and security through cryptography, which protects the integrity of funds. But existing blockchain systems have yet to reach mainstream adoption. Mass-market usage of existing blockchain-based currencies has been hindered by their volatility and lack of scalability, which have, so far, made them poor mediums of exchange.

We believe that it is possible to combine the best aspects of blockchain-based technological innovation — distributed governance, open access, and security — with a robust compliance and regulatory framework. Building certain compliance requirements at the Libra protocol level can improve the effectiveness of programs like prevention of illicit activities or Anti-Money Laundering (AML), Combating the Financing of Terrorism (CFT), and sanctions compliance. Developers, merchants, and consumers benefit from the compliance and security that is built into the Libra network. Technological innovation conducted in collaboration with the financial sector, including regulators and experts across a variety of industries, is the only way to ensure that a sustainable, secure, and trusted framework underpins this new system. And this approach can deliver a giant leap forward toward a lower-cost, more accessible, more connected global financial system.

The opportunity

As we embark on this journey together, we think it is important to share our beliefs to align the community and network we intend to spark around this initiative:

We believe that many more people should have access to financial services.
We believe that people have an inherent right to control the fruit of their legal labor.
We believe that global, open, instant, and low-cost payment networks create immense economic opportunities and more commerce across the world.
We believe that people will increasingly trust distributed forms of governance.
We believe that an open and broadly interoperable payment network should be designed and governed with high standards of compliance.
We believe that we all have a responsibility to help advance financial inclusion, support ethical actors, and continuously uphold the integrity of the payment system.

Section 02

The Libra Payment System

The world needs a reliable and interoperable payment system that can deliver on the promise of “the internet of money.” Securing your financial assets on your mobile device should be simple and intuitive. Moving money around globally, and in a compliant way, should be as easy and cost-effective as — and even safer and more secure than — sending a message or sharing a photo, no matter where you are, what you do, or how much you earn. New product innovation and additional entrants lower barriers to access and facilitate frictionless payments for more people.

Now is the time to create a new kind of digital infrastructure built on the foundation of blockchain technology. The Libra mission is to enable a simple global payment system and financial infrastructure that empowers billions of people. The Libra project will be made up of three parts that work together to create a more inclusive financial system:

A secure, scalable, and reliable blockchain as the technological backbone of the payment system;
Libra Coins that are backed by the Libra Reserve of assets made up of cash or cash equivalents and very short-term government securities; and
Governance by the independent Libra Association and its subsidiary Libra Networks, tasked with developing and operating the payment system.

The Libra payment system is built on the Libra Blockchain. Because it is intended to address a global audience, the software that implements the Libra Blockchain is open source — designed so that anyone can build on it, and billions of people can depend on it for their financial needs. Imagine an open, interoperable payment system that developers and organizations build to help people and businesses hold and transfer Libra Coins for everyday use. With the proliferation of smartphones and wireless data, more people are coming online and will be able to access the Libra payment system. To enable the Libra network to achieve this vision over time, the Libra Blockchain has been built from the ground up to prioritize scalability, security, efficiency in storage and throughput, as well as future adaptability. Keep reading for an overview of the Libra payment system, or read more about the Libra Blockchain here.

The Libra payment system will support single-currency stablecoins (e.g., ≋USD, ≋EUR, ≋GBP, etc.) and a multi-currency coin (≋LBR), which we refer to together as Libra Coins. Libra Coins will need to be accepted in many places and easy to access for those who want to use them. People need to have confidence that they can use Libra Coins and that their value will remain relatively stable over time. To accomplish this, each single-currency stablecoin will be backed 1:1 by the Reserve, which will consist of cash or cash equivalents and very short-term government securities denominated in the relevant currency. Each ≋LBR, being a composite of 1:1-backed single-currency stablecoins supported by the Libra network, inherits the backing and stability of those stablecoins. The Libra Reserve will be administered to preserve the value of Libra Coins over time. Keep reading for an overview of the Libra Association, or read more about the Reserve here.

The Association is an independent membership organization headquartered in Geneva, Switzerland. The Association’s purpose is to coordinate and provide a framework of governance decision-making for the Libra network and Reserve, oversee the operation and evolution of the Libra payment system, facilitate the provision of services on top of the Libra Blockchain in a safe and compliant manner, and establish social impact grantmaking in support of financial inclusion. This white paper is a reflection of our mission, vision, and purview.

Membership of the Association consists of geographically distributed and diverse businesses and nonprofit organizations.

While Facebook teams played a key role in the creation of the Association and the Libra Blockchain, they have no special rights within the Association. On October 14, 2019, the initial Association Members signed on to the Association Charter. This marked the formalization of the Association Council, which is made up of one representative per Member organization. The setup is designed to ensure that each Member has the same privileges and obligations as any other Member. In addition, the Council elected a five-member board of directors to carry out the day-to-day management and representation of the Association. For more details on the organization and governance of the Association, see here.

Section 03

The Libra Blockchain

The goal of the Libra Blockchain is to serve as a foundation for financial services, including a new global payment system that meets the daily financial needs of billions of people. Through the process of evaluating existing options, we decided to build a new blockchain based on the following three requirements:

Able to scale to billions of accounts, which requires high transaction throughput, low latency, and an efficient, high-capacity storage system.
Highly secure to ensure the safety of funds and financial data.
Flexible, so that it can power future innovation in financial services.

The Libra Blockchain is designed from the ground up to holistically address these requirements and build on the learnings from existing projects and research — a combination of innovative approaches and well-understood techniques. This next section highlights three decisions regarding the Libra Blockchain:

Designing and using the Move programming language.
Using a Byzantine Fault Tolerant (BFT) consensus approach.
Adopting and iterating on widely adopted blockchain data structures.

Designing and using the Move programming language

Move is a new programming language for implementing custom transaction logic and “smart contracts” on the Libra Blockchain. Because of the Libra Association’s goal to one day serve billions of people, Move is designed with safety and security as the highest priorities. Move takes insights from security incidents that have happened with smart contracts to date and creates a language that makes it inherently easier to write code that fulfills the author’s intent, thereby lessening the risk of unintended bugs or security incidents. Specifically, Move is designed to prevent assets from being cloned. It enables “resource types” that constrain digital assets to the same properties as physical assets: a resource has a single owner, it can only be spent once, and the creation of new resources is restricted.

The Move language also facilitates automatic proofs that transactions satisfy specific properties, such as the requirement that payment transactions only change the balances of the payer and receiver. By prioritizing these features, Move helps keep the Libra Blockchain secure. Move allows easy and secure definition of the core elements of the Libra network, such as payment transfers and the management of validator nodes. Lastly, Move is one way that compliance mechanisms, such as those to facilitate Travel Rule compliance and protocol-level sanctions screening, will be built into the Libra network.

The Association is committed to implementing appropriate review and risk controls for smart contracts. At first, only Association-approved and -published smart contracts will be able to interact directly with the Libra payment system. Over time, the Association will explore appropriate controls to allow third-party publishing of smart contracts.

Using a Byzantine Fault Tolerant (BFT) consensus approach

To facilitate agreement among all validator nodes on the ledger of transactions, the Libra Blockchain adopted the BFT approach by using the Libra Byzantine Fault Tolerance (LibraBFT) consensus protocol. This approach accomplishes three important goals. First, it builds trust in the network because BFT consensus protocols are designed to function correctly even if some validator nodes — up to one-third of the network — are compromised or fail. Second, this class of consensus protocols enables high transaction throughput, low latency, and a more energy-efficient approach to consensus than “proof of work” used in some other blockchains. And third, the LibraBFT protocol facilitates clearly described transaction finality, so when a participant sees confirmation of a transaction from a quorum of validators, they can be sure that the transaction has completed.

The security of BFT depends on the quality of the validators, so the Association will perform due diligence on prospective validators. The Libra network is designed with a security-first approach and sophisticated cyber and critical infrastructure attacks in mind. The network is structured to strengthen the assurance of the software run by the validators, including leveraging techniques such as the separation of critical code (a “trusted computing base”), innovative ways of testing the consensus algorithm, and careful management of dependencies. Finally, Libra Networks will define policies and procedures for reconfiguring the Libra Blockchain in the case of critical errors or the need for upgrades. In addition to being designed to ensure a safe recovery of the system in these cases, this preparation will deter attacks because attackers will know that their actions can be countered.

Adopting and iterating on widely adopted blockchain data structures

In order to securely store transactions, data on the Libra Blockchain will be protected by Merkle trees, a data structure used by other blockchains that enables the detection of any changes to existing data. Unlike previous blockchain projects, which view the blockchain as a collection of blocks of transactions, the Libra Blockchain will be a single data structure that records the history of transactions and states over time. This implementation simplifies the work of applications accessing the blockchain, enabling a unified framework that allows for data to be read from any point in time in order to verify the integrity of that data.

One outcome of the above design decisions is that the Libra Blockchain will provide public verifiability, meaning that anyone (validators, Libra Networks, Virtual Asset Service Providers (VASPs), law enforcement, or any third party) can audit the accuracy of all operations. Transactions will be signed cryptographically so that even if all validators are compromised, no falsified transactions from addresses with secure signature keys can be accepted as committed. The design is compatible with hardware key management and off-line storage of high-value cryptographic keys.

Another outcome of the above design decisions is that the Libra Blockchain will support a privacy approach that will take into account the variety of participants on the network. The Association oversees the evolution of the Libra Blockchain protocol and network and continuously evaluates new techniques to enhance privacy compliance on the blockchain while taking into account applicable regulatory requirements.

For more details, read the technical paper on the Libra Blockchain. Detailed information is also available on the Move programming language and the LibraBFT consensus protocol. The Association has open-sourced an early preview of the Libra testnet, with accompanying documentation. The testnet is still under development, and APIs are subject to change. Since June 2019, progress has been reported in periodic blog posts and roadmap updates by the Association. The Association commits to work openly with the community, and we hope you continue to read, build, and provide feedback.

Section 04

Economics and the Libra Reserve

When the Libra Association released its ideas for the operations of the Libra Reserve, the document was intended to be a proof of concept rather than a finished roadmap for the project. Since June 2019, we have met with many different organizations, regulators, policymakers, and academics to understand key concerns and integrate actionable improvements into the economic design of the Libra network. These consultations and meetings around the world have been invaluable in informing our direction. In particular, the Association greatly appreciates the thorough and thoughtful research the G7 working group completed on stablecoins. The concerns raised in the report helped highlight immediate questions to be answered, as well as longer-term challenges that may emerge.

A key concern that was shared was the potential for the multi-currency Libra Coin (≋LBR) to interfere with monetary sovereignty and monetary policy if the network reaches significant scale in a country (i.e., ≋LBR becomes a substitute for domestic currency). While we believe this is unlikely because ≋LBR introduces foreign exchange exposure for coin holders in domestic transactions and the use of ≋LBR may be subject to restrictions, such as foreign exchange controls, we take this concern seriously.

The Libra network is designed to be a globally accessible and low-cost payment system — a complement to, not a replacement for, domestic currencies. The stabilization of currencies and value preservation are key efforts that are properly within the exclusive remit of the public sector. Therefore, we are augmenting the Libra network by including single-currency stablecoins (e.g., ≋USD, ≋EUR, ≋GBP, etc.) and planning to increase the number of single-currency stablecoins over time. These will enable a range of domestic use cases by giving people and businesses the ability to transact in a stablecoin denominated in their own currency. Each single-currency stablecoin will be supported by a Reserve of cash or cash-equivalents and very short-term government securities denominated in that currency and issued by the home country of that currency. Single-currency stablecoins will only be minted and burned in response to market demand for that coin. Because of the 1:1 backing of each coin, this approach would not result in new net money creation.

We believe this approach can lower costs and enable new functionality while giving maximum flexibility and control to central banks for how the Libra payment system is used in their countries.

Initially, the Association expects to offer a small number of single-currency stablecoins based on the presence of highly liquid and safe government securities markets in the relevant currencies. We hope to work with regulators, central banks, and financial institutions around the world to expand the number of single-currency stablecoins available on the Libra network over time and to explore the technical, operational, and legal requirements to access direct custody with them. In particular, if adoption in a region without a single-currency stablecoin on the network generates concerns about currency substitution, then the Association could work with the relevant central bank and regulators to make a stablecoin available on the Libra network. The Association welcomes feedback on how it can help support local monetary and macroprudential policies.

For countries that do not have a single-currency stablecoin on the Libra network, we believe ≋LBR is a neutral and low-volatility alternative that could ensure users in such regions can benefit from accessing the network and increased financial inclusion. In this context, ≋LBR could operate as a settlement coin in cross-border transactions, and people and businesses could convert the ≋LBR they receive into local currency to spend on goods and services through third-party financial service providers. For example, consider a Libra user in the US wanting to send money to their family in another country. The sender in the US would likely use ≋USD as their default Libra Coin to make the transfer. If the receiver lives in a region with a different single-currency stablecoin on the Libra network, the sender could transfer that single-currency stablecoin or the receiver could convert ≋USD to that single-currency stablecoin or local currency through a third-party financial service provider, providing a convenient and simple option for the receiver to access and use the funds. If a single-currency stablecoin is not available, the transfer could be made in ≋LBR. The receiver could convert ≋LBR into their local currency through a third-party financial service provider to buy goods and services in that currency. The Libra network would not itself provide for, record, or settle conversions between Libra Coins and fiat currency or other digital assets; instead, as noted, any such exchange functionality would be conducted by third-party financial service providers. Regardless of the region, we expect to require all Virtual Asset Service Providers (VASPs), such as currency exchanges that have addresses on the Libra Blockchain to hold and transfer Libra Coins, to fully comply with all applicable foreign exchange limitations and capital controls in order to mitigate currency substitution risk.

Moreover, our hope is that as central banks develop central bank digital currencies (CBDCs), these CBDCs could be directly integrated with the Libra network, removing the need for Libra Networks to manage the
associated Reserves, thus reducing credit and custody risk. As an example, if a central bank develops a digital representation of the US dollar, euro, or British pound, the Association could replace the applicable single-currency stablecoin with the CBDC.

Single-currency stablecoins simplify the design of ≋LBR. ≋LBR can be implemented as a smart contract that aggregates single-currency stablecoins using fixed nominal weights (e.g., ≋USD 0.50, ≋EUR 0.18, ≋GBP 0.11, etc.). This approach to the ≋LBR design is similar to what is used by the International Monetary Fund (IMF) in the Special Drawing Rights (SDR). Because ≋LBR is composed of fixed amounts of single-currency stablecoins that are supported by the network, ≋LBR is fully backed by the Reserve assets backing each single-currency stablecoin.

To limit concerns about the Association updating the ≋LBR weights unilaterally, the Association would welcome the oversight and control over the basket composition (both currencies included and their respective weights) by a group of regulators and central banks or an international organization (e.g., IMF) under the guidance of the Association’s main supervisory authority, the Swiss Financial Market Supervisory Authority (FINMA).

Single-currency stablecoins, however, may add complexity for wallets, exchanges, and merchant solution providers. For example, exchanges will need to maintain sufficient liquidity across multiple digital assets rather than just one. Wallets will need to handle cross-currency use cases, such as sending remittances, even though we expect people will default to the single-currency stablecoin for their domestic currency (where available), to another single-currency stablecoin (e.g., ≋USD, ≋EUR, ≋GBP, etc.), or to ≋LBR.

The Libra network is intended to support global, cross-border exchanges by extending the functionality of fiat currencies, which are appropriately under the governance and control of central banks. Under this new
approach, we seek to reduce concerns around monetary sovereignty and help usher in more accessible payments and financial products for people and businesses around the world.

The Libra Reserve and protections

A key objective of the Libra network’s economic design is building trust in an efficient payment method. Each stablecoin on the Libra network will be fully backed by a Reserve of high-quality liquid assets and supported by a competitive network of resellers and exchanges buying and selling each coin. That means that Libra Coin holders should have a high degree of assurance they can convert their Libra Coins into local currency.

The importance of full backing and risk mitigation

In the first Libra white paper, the Association committed to full backing, recognizing its importance for people and businesses using the network. In September 2019, the Association announced its intention to file for a payment system license with FINMA, which is expected to specify the continued full backing of each Libra Coin as a condition of the license.

Full backing means that the Reserve will hold, in cash or cash equivalents and very short-term government securities, an amount at least equal to the face value of each Libra Coin in circulation. This is different from banks, which only hold a fractional reserve of cash and other liquid assets (e.g., 10 percent) to back their deposit liabilities, with the rest of their assets consisting of loans and other illiquid assets (also known as fractional reserve banking). Full backing by liquid assets is important for discouraging runs and stabilizing the payment system. Combined with a commitment to transparency and auditability, we believe that the full backing of each Libra Coin will help ensure that people and businesses have confidence that their Libra Coins can be converted into local currency.

The Reserve will mint and burn each single-currency stablecoin (e.g., ≋USD, ≋EUR, ≋GBP, etc.) in response to market demand. Additionally, a smart contract will combine these specific single-currency stablecoins into ≋LBR based on specified fixed nominal weights. Since ≋LBR is not a peg to a single currency, as the value of each currency moves, the value of one ≋LBR in any local currency may fluctuate. The Association would welcome the oversight and control over ≋LBR by a group of regulators and central banks or an international organization (e.g., IMF) under the guidance of the Association’s main supervisory authority, FINMA, which could oversee and control the weights and components to minimize volatility.

The structure of the Reserve is intentionally designed to mitigate threats and minimize risks. In order to keep Libra Networks solvent and the Libra payment system functioning smoothly over time, the Reserve will rely on only high-quality liquid assets or assets that can rapidly be converted into high-quality liquid assets. In particular, we will require the Reserve to consist of at least 80 percent very short-term (up to three months’ remaining maturity) government securities issued by sovereigns that have very low credit risk (e.g., A+ rating from S&P and A1 from Moody’s, or higher) and whose securities trade in highly liquid secondary markets. The remaining 20 percent will be held in cash, with overnight sweeps into money market funds that invest in short-term (up to one year’s remaining maturity) government securities with the same risk and liquidity profiles. To address currency risk, the currency composition of assets comprising the Reserve will match the composition of outstanding single-currency stablecoins (including the single-currency stablecoins that comprise the outstanding ≋LBR). This mandate — which is expected to be reflected in Libra’s FINMA payment system license — will help mitigate interest rate, liquidity, and credit risks.

However, even with these high-quality liquid assets, Libra Networks could incur losses (e.g., arising from rapid changes in interest rates) or find it more difficult to liquidate assets in extreme economic conditions. To help consumers remain protected, the Reserve will be further endowed with a capital buffer. With input from regulators, the Association is developing a regulatory capital framework to ensure it maintains an appropriately sized, loss-absorbing capital buffer. For instance, this capital buffer will protect against potential losses from credit, market, and operational risks of the Libra payment system. Operational risks include external or internal fraud, business disruptions, and system and control failures.

The administration of the Reserve will be transparent to the public. The Reserve will be audited on a regular basis by independent auditors. The results of those audits will be made publicly available to demonstrate that all Libra Coins in circulation are fully backed by matching assets comprising the Reserve. The Association will publish on its website on a daily basis the then-current composition of the Reserve and the then-current market value of the assets.

Over time, our hope is that the Association will be able to collaborate with central banks on issues such as direct custody of cash or cash equivalents and very short-term government securities or the integration of the Libra payment system with CBDCs. This would reduce credit and custody risk, streamline the operations of the Reserve, and provide additional comfort to Libra Coin holders.

If Libra Networks faces negative yields in the custody of any of its very short-term government securities or cash or cash equivalents, it will have to cover these costs through its other revenue streams (e.g., transaction and other fees). Positive interest on the Reserve’s assets, if available, will be used to cover the costs of the system, ensure low transaction fees, augment the required capital buffer, and support growth and adoption. The rules for allocating interest on the Reserve will be set in advance and overseen by the Association. Libra Coin holders will not receive a return from the Reserve.

Custody and Designated Dealers

The assets comprising the Reserve will be held by a geographically distributed network of well-capitalized custodian banks to provide both security and decentralization of the assets. We expect that these institutions will already have a number of risk mitigation practices in place. The Association proposes to put additional measures in place with these custodians that are designed to ensure that Reserve assets cannot be used for lending, pledging or repledging, or otherwise be removed, even temporarily, from the Reserve’s account or encumbered to secure an obligation of a custodian unrelated to the custody services provided to Libra Networks.

Libra Networks will not directly interface with consumers, but will instead partner with a select number of Designated Dealers to extend liquidity to consumer-facing products, such as wallets and exchanges. These Designated Dealers will commit to making markets within tight spreads and will be able to accommodate high volumes of trading. If extreme circumstances occur and Designated Dealers no longer make markets in Libra Coins, Libra Networks will call on a pre-existing arrangement with a third-party administrator or dealer to assist, in an administrative capacity, in burning Libra Coins for end users and liquidating assets comprising the Reserve to make payment as appropriate. These emergency operations will always be implemented under the guidance of the relevant regulators.

Emergency operations

The Association is focused on implementing a system that mitigates risk, includes appropriate loss-absorbing capital buffers, and facilitates ongoing and comprehensive supervision. Nevertheless, we are mindful of the need to plan for stress scenarios that could result in a run or otherwise threaten the viability of the Libra payment system – even though the occurrence of those stress scenarios and the possibility of the Libra payment system becoming non-viable is highly unlikely. In the context of a recovery and resolution plan, the Association is considering whether to provide for two key components that could be implemented in severe stress scenarios in the unlikely case that the Libra network is unable to convert the very short-term government securities in the Reserve into cash fast enough to satisfy all requests to burn Libra Coins without incurring fire-sale losses:

Redemption stays, which would delay Libra Coin redemptions and allow for additional time to liquidate the Reserve’s assets during a window of time without incurring large fire-sale losses.
Early redemption haircuts, which would impose a fee for instant redemptions and require coin holders to internalize their negative externality (i.e., fire-sale losses) in a run.

The goal of both these measures would be to slow the speed of a run on the Reserve.

Finally, even if the Association or the Libra network fails altogether, we still plan to protect Libra Coin holders to the best of our ability. First, because the Reserve will consist primarily of very short-term government securities, which will self-liquidate on a continuous basis, the Reserve can generate a lot of cash very quickly to use in burning Libra Coins. Second, if the self-liquidation of these securities does not generate enough cash fast enough to satisfy all demands to burn Libra Coins, Libra Networks should be able to sell large amounts of these securities at only a small discount to face value. Third, if the sale of these securities would result in fire-sale losses, Libra Networks would have the option to temporarily suspend redemptions and liquidate its remaining assets over a window of time deemed sufficient to minimize market impact. If Designated Dealers are operating, they would be expected to receive, on behalf of consumers, funds in exchange for Libra Coins based on the liquidation of a portion of the Reserve’s balance. If no Designated Dealers are operating, the Association will rely on a third-party administrator to assist these operations. The Association will work with regulators to develop a mechanism to return funds in the Reserve to end users in the event that neither Designated Dealers nor the standby third-party administrator or dealer are operating.

The full backing of each coin is an essential component of the overall Libra payment system. We take threats to the Reserve very seriously, but we are confident the approaches described above will protect our users against a wide range of risks, however unlikely they may be.

Section 05

Compliance and the Prevention of Illicit Activity

Trust in the safety, security, and integrity of the Libra payment system is imperative to encourage people and businesses to participate in the network. All payment systems face constantly evolving security threats and other risks. The Libra Association recognizes the importance of building Anti-Money Laundering (AML), Combating the Financing of Terrorism (CFT), sanctions compliance mechanisms, and mechanisms for the prevention of illicit activities to effectively address threats and risks. With the mission of the Libra Association in mind, our challenge is to design a system that addresses important policy concerns and is broadly available to underserved populations.

The Association and its subsidiaries are committed to creating a payment system that is legally compliant, safe, and consumer-friendly and to supporting efforts by regulators, central banks, and lawmakers to ensure that the Association and its subsidiaries contribute to the fight against money laundering, terrorism financing, and more. The Association and its subsidiaries will implement the following compliance framework designed to ensure that they meet their regulatory obligations and to support compliance by Libra payment system participants. Protocol-level controls will assist the Association and its subsidiaries in facilitating and encouraging a high standard of compliance.

Types of participants and payments activity on the Libra network

The following summarizes the specific roles of participants in the Libra network:

Entity: The Association and/or one of its subsidiaries

Responsible for the governance of the Libra network and the development of the Libra project.
Conducts due diligence on Association Members, Designated Dealers, and validators.
Controls the process of minting and burning Libra Coins.
Establishes compliance standards for network participants, and implements protocol-level and other compliance controls.
Operates a Financial Intelligence Function (FIU-function) to monitor the network and flag suspicious activity.

Entity: Association Members

Participate in Association governance.
Will be subject to periodic due diligence by the Association.

Entity: Designated Dealers

Entities that have the right, pursuant to a contract with Libra Networks, to purchase Libra Coins from and sell Libra Coins to Libra Networks.
Buy Libra Coins from and sell Libra Coins to exchanges and over-the-counter (OTC) dealers to facilitate the market in Libra Coins for end users.
Will be subject to periodic due diligence by the Association and/or its subsidiaries, and are expected to be well-capitalized financial institutions with expertise in the foreign exchange markets.

Entity: Virtual Asset Service Provider

Defined in the June 2019 Financial Action Task Force (FATF) guidance (FATF Guidance) on virtual assets and virtual asset service providers.
Entities that perform exchange, custody, or other similar financial services for customers on the Libra network.
Certain Virtual Asset Service Providers (VASPs) will be able to operate on the Libra network without transaction and address balance limits; these entities will be regulated entities and will be required to undergo a risk-based due diligence process established by the Association or one of its subsidiaries that will include confirming that the VASP is registered or licensed as a VASP in a FATF member jurisdiction, or is an entity that is registered or licensed in a FATF member jurisdiction and is permitted to perform VASP activities under such license or registration (Regulated VASPs). In addition, certain other VASPs will be subject to a risk-based compliance certification process by either the Association or a third-party service provider applying standards set by the Association or one of its subsidiaries (Certified VASPs).
The Association may consider establishing transaction and address balance limits on a certain Regulated and Certified VASP commensurate with its risk profile, if appropriate.

Entity: Unhosted Wallet Users

Libra Blockchain addresses other than those associated with a Regulated VASP, Certified VASP, or Designated Dealer.
These addresses will be subject to controls, among them transaction and address balance limits that, along with other controls, will be enforced by the protocol.

Details of compliance and safety controls across the Libra network

A. Association will create a comprehensive Compliance Program

The Association will implement a comprehensive Compliance Program designed to meet or exceed relevant laws and requirements. At a minimum, the Compliance Program will:

Designate a Chief Compliance Officer.
Designate a committee with oversight reporting responsibilities.
Develop written AML/CFT/sanctions compliance policies and procedures based on a risk assessment and approved by the board of directors of the Association (and/or the boards of directors of its subsidiaries).
Perform risk-based due diligence on all Members, Designated Dealers, and Regulated and Certified VASPs.
Periodically revise the AML/CFT/sanctions programs as appropriate, based on periodic risk assessments
and evolving regulatory requirements.
Create an FIU-function to facilitate monitoring for potential suspicious and sanctioned activity on the
Libra network, increasing the safety and compliance of the network.
Designate a function such as Internal Audit that meets the standards of independence required to
conduct periodic independent reviews of the Association’s AML/CFT/ sanctions compliance programs.
Perform relevant employee training.

B. Association will set mandatory standards for unrestricted use of the Libra payment system

The Association and/or one of its subsidiaries will set mandatory standards for Members, Designated Dealers, Regulated VASPs, and Certified VASPs for entry on the Libra network. Entities that meet these standards may transact on the Libra network without being subject to transaction and address balance limits, or, in some cases, may be subject to higher limits than those assigned to Unhosted Wallets.

C. Association will conduct due diligence on Association Members and Designated Dealers

The Association and/or one of its subsidiaries will conduct due diligence on all future Members before their admission to the Association and on potential Designated Dealers prior to entering into written agreements with them.

This due diligence will be conducted against Association-set standards for Members and Designated Dealers, as appropriate, designed to ensure high levels of compliance, reputability, and trustworthiness. This due diligence will include, but not be limited to, a review of each Member’s or Designated Dealer’s:

Entity status
Sanctions screening
Negative news
Beneficial owners and control persons
Adherence to applicable AML/CFT/sanctions compliance regulatory requirements (if any)
Licenses and registrations
Entity location and the geographic reach of its customer base

During this due diligence, the Association and/or one of its subsidiaries will also verify that all Designated Dealers fulfill requirements with respect to capitalization and expertise in foreign exchange markets and that all Designated Dealers will, in turn, conduct due diligence on their downstream counterparties in the Libra payment system.

In addition to conducting its due diligence review for future Members and Designated Dealers, the Association and/or one of its subsidiaries will also conduct periodic, ongoing risk-based due diligence of existing Members and Designated Dealers.

D. Association will distribute Libra Coins through regulated Designated Dealers

Libra Networks will mint Libra Coins intended for distribution to the market only with Designated Dealers and will redeem Libra Coins only from those Designated Dealers. These Designated Dealers will be regulated, well-capitalized financial institutions that will have the right — pursuant to a contract with Libra Networks — to purchase Libra Coins from and sell Libra Coins to Libra Networks. In turn, these entities will buy Libra Coins from and sell Libra Coins to exchanges and OTC dealers to facilitate the market in Libra Coins for end users. Libra Networks will mint and burn Libra Coins with the Designated Dealers and will not have any contractual relationship with any exchanges or end users, save for certain contingent contractual rights that may exist in the context of Emergency Operations.

E. Only Regulated or Certified VASPs will be allowed to transact on the network without transaction and address balance limits

The Association expects that most people will interact with the Libra payment system through VASPs. VASPs will facilitate transactions by their users and may record some transactions internally on their own books instead of on the Libra Blockchain. Regulated VASPs and Certified VASPs, as described below, will be permitted to use the Libra payment system without being subject to the transaction and address balance limits for Unhosted Wallets (described below).

Regulated VASPs

A Regulated VASP is a VASP that is registered or licensed as a VASP in a FATF member jurisdiction, or any entity that is registered or licensed in a FATF member jurisdiction and is permitted to perform VASP activities under such license or registration.

An entity that seeks treatment as a Regulated VASP must submit a request for approval to the Association or one of its subsidiaries containing at minimum:

Proof of licensing or registration in a FATF member jurisdiction where such license or registration permits the licensee or registrant to perform VASP activities;
Representation that the entity has obtained all licenses and registrations required in the jurisdiction in which it is located and operates. Based upon the information provided by the entity and the performance
of appropriate risk-based due diligence on the entity, the Association or one of its subsidiaries will verify that the entity is properly licensed or registered as a VASP in a FATF member jurisdiction, or is an entity that is registered or licensed in a FATF member jurisdiction and is permitted to perform VASP activities under such license or registration;
Demonstration of a reasonable risk-based regulatory compliance program and controls.

Upon successful verification and a risk-based due diligence review of the VASP by the Association, one of its subsidiaries, or a vetted third-party service provider, the entity will be permitted to create Regulated VASP addresses on the Libra network. These addresses will enable a Regulated VASP to conduct its business without being subject to transaction or address balance limits. The Association may also consider assigning certain Regulated VASP addresses with transaction and address balance limits commensurate with their risk profile.

The Association or one of its subsidiaries will record and publish a directory of Regulated VASPs and their status. The entity will be required to recertify its Regulated VASP status on an annual basis, and the Association, one of its subsidiaries, or a vetted third-party service provider will also perform ongoing monitoring for any changes in the regulatory status of Regulated VASPs or other developments associated with the VASPs risk profile.

Certified VASPs

A Certified VASP is a VASP that does not qualify as a Regulated VASP but has been certified under standards established by the Association. Certified VASP status is intended to permit VASPs that operate in a FATF jurisdiction without VASP regulations or in a non-FATF member jurisdiction and meet appropriate standards to provide services on the Libra network without being subject to the same transaction and address balance limits imposed on Unhosted Wallets (described below). Any VASP from a FATF member jurisdiction that has implemented a licensing or registration regime must be licensed or registered, as appropriate, and would be subject to Regulated VASP due diligence.

The highest level of Certified VASP would be for a VASP that meets requirements as established by the Association, which are expected to be consistent in principle with those imposed under the FATF Guidance. The Association may consider establishing lower levels of certification for certain Certified VASPs with transaction and address balance limits commensurate with their risk profile.

An entity that seeks treatment as a Certified VASP will apply for certification, and demonstrate that it meets the relevant standards established by the Association and has in place a reasonable risk-based compliance program and controls. The certification could be provided by the Association, one of its subsidiaries, or by one or more vetted third-party certification providers approved by the Association. This could include, for example, a Designated Dealer that performs due diligence as part of its Know-Your-Business (KYB) program or a designated independent audit firm that charges applicants for the certification service.

The Association or one of its subsidiaries will record and publish a directory of Certified VASPs and their status. The VASP will be required to recertify its Certified VASP status on an annual basis, and the certifying entity will also perform, or will be required through another certifying entity to have performed, appropriate risk-based due diligence on the VASP and ongoing monitoring of its status.

Unhosted Wallet activity for users will be subject to transaction and address balance limits and other controls

The Association believes it is important that the Libra network permits direct access by non-VASPs, namely Unhosted Wallets, as a means of enabling financial inclusion, providing broad access to financial services, and fostering innovation and competition:

Financial inclusion:The goal of the Association is for the Libra network to be as inclusive as possible within the current regulatory framework. The network will benefit a large global underbanked and unbanked population who may not have access to a Regulated or Certified VASP, many of which will not find it commercially feasible to service these groups. The Association believes that permitting access by Unhosted Wallets will allow those without access to financial services to benefit from the secure, low-cost, and fast payment services offered by the Libra network.

Today, 1.7 billion adults globally remain outside of the financial system with no access to a traditional bank, even though one billion have a mobile phone, and nearly half a billion have internet access. Unhosted Wallets are key to addressing their needs.

Fostering innovation and competition:Unhosted Wallets allow the Libra network to offer software developers a platform with built-in security features, such as protocol-level sanctions screening, compliance infrastructure (such as the FIU-function), access to a wide population, and a low barrier to entry. These attributes allow for increased innovation and competition, leading to higher-quality consumer wallets.

Unhosted Wallets also ensure access to innovative products powered by smart contracts. Just as a payment system helps participants settle payments and manage counterparty risk, smart contracts allow participants to agree on more complex business logic that is executed directly by the Libra network, enabling innovative applications. We expect that smart contracts have the potential to add useful functionality to the Libra network beyond its core functionality. Such smart contract modules will be made available for use and development over time, subject to approval by the Association or one of its subsidiaries, which will be granted in cases where satisfactory controls are implemented against regulatory and other risks. Unhosted Wallets ensure that all users can access these innovative services, even if they cannot find a Regulated or Certified VASP that supports that smart contract functionality.

The Association recognizes that Unhosted Wallets may pose increased compliance and financial crime risks. To address those risks, all Unhosted Wallets (i.e., all Libra Blockchain addresses other than those associated with a Regulated or Certified VASP or Designated Dealer) will be subject to additional controls.

The Libra protocol will enforce a transaction limit and a maximum address balance on each Unhosted Wallet address. Any user who wishes to transact at levels beyond these limits will be required to work with a Regulated or Certified VASP.

The Association recognizes that bad actors may attempt to circumvent these threshold limitations and controls by creating and using multiple Unhosted Wallets to remain within the transaction and address balance limits while not operating as a Regulated or Certified VASP. The FIU-function will specifically seek to detect and deter such activity (as explained in Section H below).

F. Automated protocol-level compliance controls will apply for all on-chain activity

The Association will include certain compliance controls directly in the Libra protocol. These controls are designed to enforce certain compliance requirements for all transactions on the Libra Blockchain.

The following are some of the compliance controls that will be implemented as part of the Libra protocol:

Sanctioned addresses: Protocol-level controls will apply to all network participants, including Unhosted Wallets and VASPs, and automatically prevent transactions involving blockchain addresses identified by authorities as associated with sanctioned persons (sanctioned blockchain addresses). In addition, these controls can be used to restrict amounts stored in sanctioned blockchain addresses.
Sanctioned jurisdictions: Protocol-level controls will automatically prevent transactions originating from IP addresses associated with sanctioned jurisdictions.
Unhosted Wallet limits: Protocol-level controls will enforce transaction and address balance limits on Unhosted Wallets.
VASP certifications: Protocol-level controls will enforce certification renewal requirements on Regulated and Certified VASPs.
Travel Rule: The Libra protocol will require Regulated and Certified VASPs to attest to compliance with the Travel Rule when transacting. An off-blockchain protocol will assist Regulated and Certified VASPs in complying with the Travel Rule (as described in Section G below).

G. Association will develop an off-blockchain Travel Rule protocol

The Association will develop an off-blockchain protocol to facilitate compliance by Regulated and Certified VASPs with applicable Travel Rule and record-keeping requirements. This protocol will facilitate the exchange of information between these Libra network participants to facilitate their own compliance and will include an open-text field to allow for the sharing of supplemental information. Unhosted Wallet addresses can use this off-blockchain protocol to submit required or requested data to Regulated and Certified VASPs. The Association will maintain a public directory of Regulated and Certified VASPs, and Regulated and Certified VASPs will publicly attest to their compliance with applicable Travel Rule and record-keeping requirements (as described in Section F above).

H. Association’s FIU-function will monitor Libra network activity and coordinate with Libra network participants

The Association and/or one of its subsidiaries will operate an FIU-function with the goal of maintaining high levels of compliance within the Libra payment system. The FIU-function will monitor Libra network activity and work with both government authorities and service providers to seek to detect and deter inappropriate use of the platform.

Cooperating with Libra network participants

Regulated and Certified VASPs and Designated Dealers operating in the Libra network will maintain their own compliance programs that will be subject to periodic reviews by the Association or one of its subsidiaries, or a vetted third-party service provider as part of its risk-based due diligence. The FIU-function will seek to coordinate with these network participants to detect and report potentially illicit or evasive activity. Subject to applicable law, the FIU-function will cooperate and coordinate with Designated Dealers, Regulated and Certified VASPs, and other network participants to gather and share risk signals and compliance insights (e.g., recognition of new typologies, addresses associated with elevated risk, and structuring).

Detecting suspicious activity and protocol compliance control evasion

An important goal of the FIU-function will be to detect suspicious activity and deter attempts to evade protocol compliance controls, which includes the evasion of sanctions geoblocking, as well as transaction and address balance limits. The FIU-function will use network analysis techniques to seek to detect suspicious activity across the Libra network and partner with service and technology providers in the blockchain monitoring space.

If any such activity is detected, the FIU-function will share elevated risk signals with network participants and with the relevant authorities as permitted or required by applicable law. Such addresses may also be restricted based upon court orders or administrative orders issued or obtained by government authorities.

I. Association will respond to identified potentially suspicious and sanctioned activity, including through reporting

When potentially suspicious and/or sanctioned activity is identified by the Association’s FIU-function, the Libra Blockchain addresses and supporting evidence may be shared with blockchain monitoring service providers and with network participants, subject to applicable law. We expect service providers will also integrate this information into their overall data set to inform network participants and regulators.

In order to deter abuse, the FIU-function will notify VASPs, as appropriate and subject to applicable law, of the Libra Blockchain addresses of Unhosted Wallets that are potentially attempting to circumvent established limits.

Reporting and law enforcement

The Association’s FIU-function will actively monitor the network and will utilize risk signals shared by Designated Dealers, Regulated and Certified VASPs, Members, and other network participants as appropriate. When potentially suspicious and sanctioned activity is detected, the FIU-function will submit appropriate reports to applicable authorities as permitted or required by applicable law.

The Association’s FIU-function will cooperate, to the extent permitted or required by applicable laws, with requests for information or assistance from law enforcement related to the use of the Libra network.

Section 06

An Open and Competitive Network

The safety and integrity of the Libra network are at the forefront of the Libra Association’s efforts. We started our journey with businesses and nonprofit organizations that share our vision to facilitate a more connected global payment system built and governed as a public good. At the same time, it is crucial to establish a clear path for membership renewal and expanded participation over time.

We believe that competition is a prerequisite for building a highly interoperable, efficient, and innovative payment system. In the first Libra white paper, we sought to achieve this goal by announcing our intention to eventually transition the network to a permissionless system. However, in the months since, a key concern expressed by regulators in a number of jurisdictions, including the Swiss Financial Market Supervisory Authority (FINMA), is that it would be challenging for the Association to guarantee that the compliance provisions of the network would be maintained if it were to transition to a permissionless network where, for example, no due diligence is performed on validators.

Here we present the approach the Association is exploring to offer new entrants the ability to compete for the provision of core network services and participate in the governance of the Libra network while ensuring the Association’s ability to meet regulatory expectations. Some of the most important objectives of a permissionless network that we propose to incorporate are the ability of new entrants to compete for:

The provision of payments and financial services to businesses and consumers.
The opportunity to run independent validator nodes that increase the security and reliability of the Libra consensus protocol by having non-correlated failure risks.
Active participation in the governance and evolution of the Libra project.

The Libra project achieves the first objective at the outset as the network is modeled after an open technology standard, and the Libra protocol is built for a high degree of interoperability. The second and third objectives require a market-driven process that allows newly qualified Association Members to enter and compete with existing ones. In the next section, we provide a high-level overview of how this could work.

Exploring an Open, Transparent, and Competitive Market for Network Services and Governance

An open, transparent, and competitive process for the provision of network services and governance of the network is key for 1) expanding the membership base of the Association and 2) ensuring its renewal over time. At both stages, the Association will set open-call criteria to ensure that the selection process is objective and transparent, and also that it incorporates critical dimensions for the growth, diversity, safety, and integrity of the network.

1. Expanding membership: The Association plans to rely on open calls for new Members and define how many membership slots are available in each round. Potential applicants will submit an application that could cover dimensions such as:

Basic information proving that the applicant satisfies the membership requirements, including
compliance due diligence.
Technical information showing the applicant’s ability to successfully run a validator node.
Economic performance information that supports the applicant’s past and future ability to drive growth on the Libra network.
Financial contribution to support the Association’s operating costs and incentives.

The information from the application form would be used to calculate a transparent Member Contribution Score (MCS), which would be used to rank applications. The terms used to calculate the MCS would be public before each open call is run. Such scores are commonly used in allocation mechanisms today (e.g., admission processes and advertisement auctions).

2. Renewing membership: The Association’s goal is to ensure that new Members can enter and compete for the provision of core network services and contribute to governance while existing Members can renew their participation based on good performance — both in terms of running a validator node and in driving adoption. Over time, the Association could transparently modify the MCS calculation and selection process to meet new needs and to balance continuity with change, while ensuring it remains based on objective and non-discriminatory criteria. All of these decisions would be made while taking into account antitrust and competition issues and regulatory compliance requirements, and in accordance with the governance procedures under the Charter.

In the event that a Member undermines the integrity or safety of the network, the Association could have a mechanism for removing the Member from the validator set, and, in extremely severe cases, for expulsion from membership. Removal from the validator set might also be triggered by material violations of the membership eligibility criteria, regulatory issues, criminal proceedings, or interference with the health and integrity of the network. The Association will also have a process to commence an off-cycle open call for new Members in the event of a severely underperforming network or other major governance challenges.

Section 07

The Libra Association

We believe that making the Libra mission a reality is best accomplished by diverse and independent collaborators. This is the role played by the Libra Association — an independent membership organization — and its wholly-owned subsidiary Libra Networks, both headquartered in Geneva, Switzerland. The Association strives to be a well respected international institution. The choice of Switzerland as the home for the Association is motivated by its openness towards financial innovation, commitment to robust financial regulation and history as a hub for international organizations.

The Association is designed to facilitate the operation of the Libra payment system; to coordinate the agreement among its stakeholders in their pursuit to promote, develop, and expand the network; to oversee the administration of the Libra Reserve; and to facilitate the provision of services in the Libra payment system in a safe and compliant manner.

The Association is governed by the Association Council, which is comprised of one representative per Association Member. Each Council representative is entitled to one vote on each matter brought to the Council for approval. Together, they make policy decisions on the governance of the Libra network and Reserve. Currently, the Members consist of businesses and nonprofit organizations from around the world. The Council may delegate its authorities to the board and the executive staff of the Association and rely on the board and the executive staff for the execution of its decisions. Major policy decisions require the consent of two-thirds of the Council representatives, the same supermajority of the network required in the Libra Byzantine Fault Tolerance (LibraBFT) consensus protocol.

Through the Association, the Members will align on the network’s technical roadmap and development goals. In that sense, the Association is similar to other not-for-profit entities — often in the form of foundations — that govern other open-source projects. In December 2019, the Council appointed a Technical Steering Committee (TSC), comprising representatives from five Member organizations, tasked with overseeing and coordinating the technical design and development of the Libra network. As the Libra network relies on a growing distributed community of open-source contributors to further itself, the Association’s TSC is an important vehicle to establish and supervise a process for the community to decide on which protocols or specifications to develop and adopt, as well as to serve as a resource supporting all developers working on Libra-related contributions.

The Association is the parent of Libra Networks, which is the entity directly responsible for operating the Libra payment system, minting and burning Libra Coins, and administering the Reserve. As such, Libra Networks is in the process of applying for a license as an operator of a payment system from the Swiss Financial Market Supervisory Authority (FINMA). If and once the payment system license is granted, Libra Networks will be subject to ongoing prudential supervision by FINMA. As a consequence, decisions that affect its license, such as modifications of the rules regarding the administration of the Libra Reserve or the addition of new lines of services, may require the prior approval of FINMA. In addition to its direct supervision of the licensed Libra Networks, FINMA will also supervise the Association and its other subsidiaries on a consolidated basis. Libra Networks is the only party able to create (mint) and destroy (burn) Libra single-currency stablecoins. Single-currency stablecoins are only minted when Designated Dealers have purchased those coins from Libra Networks with fiat assets to fully back the new coins. Single-currency stablecoins are only burned when the Designated Dealers sell Libra Coins to Libra Networks in exchange for the underlying assets. Designated Dealers will have a contractual right to sell single-currency stablecoins to Libra Networks at a price equal to the face value of the underlying fiat currency. These activities of Libra Networks are governed and constrained by a Reserve Management Policy that can only be changed by a Member supermajority, subject to regulatory approval. In addition to the single-currency stablecoins, the Libra network will support multi-currency ≋LBR that will be implemented as a smart contract aggregating single-currency stablecoins using fixed nominal weights (e.g., ≋USD 0.50, ≋EUR 0.18, ≋GBP 0.11, etc.).

Libra Networks is also tasked with facilitating the provision of services on the Libra Blockchain in a safe and compliant manner. This effort will be led and managed by a Chief Compliance Officer and the Financial Intelligence Function (FIU-function). They will, among other activities, conduct due diligence and continuous monitoring to ascertain the integrity, lawfulness, and legally compliant conduct of all Members, Designated Dealers, and Virtual Asset Service Providers (VASPs), such as custodial wallets or exchanges, that have an address on the Libra Blockchain; govern the implementation of protocol-level sanctions controls; govern the implementation of protocol-level transaction and address balance limits where required, per its policies; facilitate and guide the adherence to the Travel Rule on the Libra Blockchain; monitor the activity on the Libra Blockchain to detect suspicious activity, including attempts to circumvent network limits; and partner with regulators and law enforcement through reporting suspicious activities and acting on them as appropriate. These activities and others are further described here.

In the near-term, there are additional roles that need to be performed on behalf of the Association: the recruitment of additional Members; the design and implementation of incentive programs to propel the adoption of the Libra payment system, including the distribution of such incentives; and the establishment of the Association’s social impact grant-making program.

An additional long-term goal of the Association is to develop and promote an open identity standard. We believe that decentralized and portable digital identity is a prerequisite to financial inclusion and competition. In addition, the Association aims to build an open, transparent, and competitive market for network services and governance where new participants face the lowest possible barriers to entry.

For more on the Association, please read here.

How to get involved

The Association envisions a vibrant community of developers building apps and services to spur the global use of the Libra network. The Association defines success as enabling any person or business globally to have fair, affordable, and instant access to their money. For example, success means that a person working abroad has a fast and simple way to send money to family back home, and a college student can pay their rent as easily as they can buy a coffee.

Our journey is just beginning, and we are asking the community to help. If you believe in what the Libra network could do for billions of people around the world, share your perspective, and join in. Your feedback is needed to make financial inclusion a reality for people everywhere.

If you are a researcher or protocol developer, a preview of the Libra testnet is available under the Apache 2.0 Open Source License, with accompanying documentation. The testnet is still a prototype under development, but you can read, build, and provide feedback right away. The Association is committed to building a community-oriented development process and opening the platform to developers. The Association’s TSC has appointed a Lead Maintainer and an initial group of Maintainers and has established open and transparent processes for the acceptance of technical proposals for Libra Improvement Proposals (LIP). These will be published shortly.
If your organization is interested in applying for social impact grants from the Association, read more here.

Section 8

What’s Next?

It has been an important nine months since our initial announcement of the Libra project. The Libra Association has had many helpful discussions with regulators, central bankers, elected officials, and various stakeholders around the world to determine the best way to marry blockchain technology with accepted regulatory frameworks. Further, the Association participated in conversations for the G7 report on stablecoins, and engaged in constructive dialogue with international stakeholders such as the Financial Stability Board, World Bank Group, International Monetary Fund, Bank for International Settlements, Inter- American Development Bank, World Economic Forum, and central banks and financial system authorities in jurisdictions around the world. It has also been exciting to see thousands of developers engage with the open-source Libra Blockchain code, and their work has made millions of test transactions on the Libra testnet. The Association has elected a board of directors, added new Members, and established a strong, independent operating cadence. Most importantly, international discussion around financial innovation and inclusion has accelerated.

Operating a payment system that can support responsible financial services innovation requires ongoing engagement with key stakeholders at regional, national, and international levels. To this end, Libra Networks is in the process of filing for a payment systems license with the Swiss Financial Market Supervisory Authority (FINMA). We believe that lowering the barriers to entry to the modern financial system should not lower the bar of strong regulatory standards.

Looking ahead, the Association will continue to engage in constructive international dialogue about how to harmonize regulatory standards, approaches to consumer protection, and extending the perimeter of payments to include marginalized communities. The Association remains committed to public-private collaboration to deliver financial system innovations. Indeed, as the prospect of central bank digital currencies (CBDCs) becomes a reality, the expectation that the Libra payment system will be capable of being upgraded to support these public sector innovations is a design principle we aim to deliver.

The Libra Blockchain:

Over the coming months, the Association will work with the community to gather feedback on the Libra Blockchain testnet and bring it to a production-ready state. In particular, this work will focus on ensuring the security, performance, and scalability of the protocol and implementation.

The Association will construct well-documented APIs and libraries to enable users to interact with the Libra Blockchain.
The Association will institute a procedure for Libra Improvement Proposals (LIPs), open to community participation and scrutiny, where material changes to the protocol and software that support the Libra Blockchain will be discussed and reviewed.
The Association will create a framework for the collaborative development of the technology behind the Libra Blockchain using the open-source methodology.
The Association will perform extensive testing of the Libra Blockchain, which will range from tests of the protocol to constructing a full-scale test of the network in collaboration with entities such as wallet services and exchanges to ensure the system is working before launch.
The Association will work to foster the development and deployment of the Move language, allowing developers to use the safeguards inherent to the Move language to develop innovative financial applications. This will entail collaboration with regulators on defining appropriate safeguards for third-party publishing of smart contracts as well as an exploration of other financial programming contexts that would benefit from the innovations in Move.

The Libra Reserve:

The Association will establish custody agreements with a geographically distributed and regulated group of global institutional custodians for the Reserve.
The Association will establish operational procedures for the Reserve to interact with Designated Dealers and ensure high-transparency and auditability.
The Association will work with regulators to determine the best framework for determining the composition of fixed weights of single-currency stablecoins that comprise ≋LBR.

The Libra Association:

We will work to grow the Association Council through open, transparent, and competitive processes to further increase the geographic distribution and diversity of Association Members.
The Association will continue to develop its governance mechanisms and adopt key Association policies set forth under the Association’s Charter.
The Managing Director / Chief Executive Officer of the Association will be hired and will build out an executive team.
The Association will establish a Financial Intelligence Function (FIU-function) that will support and govern network-wide financial integrity. The FIU-function will become a center of excellence promoting best practices and techniques for the safe operation of blockchain-based payment systems.
The Association will identify social impact partners aligned with our joint mission and will work with them to establish a Social Impact Advisory Board and a social impact program.

Section 9

Conclusion

The mission of the Libra Association is to enable a simple global payment system and financial infrastructure that empowers billions of people. With more than 1.7 billion people who are either unbanked or underbanked around the world, large-scale innovation that promotes financial inclusion, compliance, and competition could help those who need it the most.

Since the release of the first Libra white paper on June 18, 2019, the Association has incorporated feedback from policymakers, regulators, and other stakeholders who have materially improved the design of the project. We are hopeful these changes ensure that the Association can achieve its ultimate goal of modernizing payment infrastructure and creating a core transport layer for value that is low-cost, interoperable, and compliant.

We are grateful for the engagement and commitment that so many organizations and individuals have demonstrated in helping define this opportunity for the world. We remain fully committed to the mission and are eager to begin delivering on it.

¹ Best Buy. “AT&T prepaid Alcatel CAMEOX device purchase.” Bestbuy.com.(Accessed: May 15, 2019). Available: https://www.bestbuy.com/site/at-t-prepaid-alcatel-cameox-4g-lte-with- 16gb-memory-cell-phone-arctic-white/6008102.p?skuId=6008102

² A. Demirgüç-Kunt, L. Klapper, D. Singer, S. Ansar, and J. Hess. The Global Findex database 2017: Measuring financial inclusion and the fintech revolution. World Bank Group, 2018. Globalfindex.worldbank.org. Accessed: May 15 2019. Available: https://globalfindex.worldbank.org/sites/globalfindex/ files/2018-04/2017%20Findex%20full%20report_0.pdf

³ OECD. Mobile phones: Pricing structures and trends. Paris, France: OECD Publishing, 2000, p. 67. Available: https://books.google.com/books?id=p- cP84M_GBeoC&pg=PA6&lpg=PA6&dq=1999+price+SMS+europe&source=bl&ots=TIbwgZWCmj&sig=ACfU3U2Z_yRawxW78qVSVO_wHCtRupoqoA&hl=en&sa=X- &ved=2ahUKEwjOmeG9tMHiAhVVFzQIHU8eBEMQ6AEwD3oECAkQAQ#v=onepage&q=SMS&f=false

We make no representation or guaranty that our current understanding of Libra Association’s expected future action or inaction will remain unchanged as events and circumstances unfold and as members of the Libra Association work to develop policies for Libra Association. We reserve the right to supplement the information contained herein as necessary to ensure the accuracy of such information.

Lexicon

Please note that the summary definitions presented here are for informational purposes only and are based on proposed concepts that may be subject to change.

Blockchain

The technology underpinning the Diem payment system. Blockchain is a technology that uses cryptography to allow a distributed collection of independent servers, or nodes, to operate a database of transactions.

Byzantine Fault Tolerant (BFT)

Byzantine Fault Tolerance (BFT) is the ability of a distributed system to provide safety guarantees in the presence of faulty, or "Byzantine," members. BFT consensus protocols are designed to function correctly even if some validator nodes — up to one-third of the network — are compromised or fail.

Central Bank Digital Currency (CBDC)

An electronic form of central bank money that could be used by households and businesses to make payments and store value (Bank of England, 2020).

Consensus protocol

Consensus protocol allows nodes to collectively reach an agreement on whether to accept or reject a transaction.

Cryptography

A tool for protecting the integrity of information, which is a key component of blockchain technology.

Designated Dealers

Entities that have the right, pursuant to a contract with the Diem Association subsidiary Diem Networks, to purchase Diem Coins from and sell Diem Coins to Diem Networks.

Fiat currency

Fiat money is a currency without intrinsic value that has been established as money by government regulation. Fiat money has value only because a government maintains its value, and because parties engaging in exchange agree on its value. It contrasts with commodity money (where the value of money comes from the materials that comprise it, e.g., actual gold coins) and representative money (in which money represents a claim on a physical asset, e.g., a gold standard).

Diem Association

The Diem Association is an independent membership organization headquartered in Geneva, Switzerland. Membership consists of geographically distributed and diverse businesses and nonprofit organizations. The Association’s purpose is to coordinate and provide a framework of governance decision-making for the Diem network and Diem Reserve; to oversee the operation of the Diem payment system; to facilitate the provision of services on top of the Diem Blockchain in a safe and compliant manner; and to establish social impact grant-making in support of financial inclusion.

Diem Blockchain

The technological backbone of the Diem payment system that has been built from the ground up to prioritize scalability, security, efficiency in storage and throughput, as well as future adaptability.

Diem Coins

Diem Coins consist of single-currency stablecoins (e.g., ≋USD, ≋EUR, and ≋GBP) and a multi-currency coin (≋XDX) and are backed by a reserve of assets made up of cash or cash equivalents and very short-term government securities.

Diem Core

The official name for the open-source implementation of the Diem protocol published by the Diem Association. This software is the first implementation of the Diem protocol and the Move language.

Diem Council

The Association is governed by the Diem Association Council, which comprises of one representative per Association Member.

Diem Networks

A Diem Association subsidiary that is directly responsible for operating the Diem payment system, minting and burning Diem Coins, and administering the Diem Reserve.

Diem Payment System

A global payment system built on blockchain technology to facilitate a more accessible and connected global financial system.

Diem Reserve

A collection of assets made up of cash or cash equivalents and very short-term government securities that fully back Diem Coins. The assets in the Diem Reserve will be held by a geographically distributed network of well-capitalized custodians to provide both security and decentralization of the assets.

DiemBFT

The Diem Blockchain uses the DiemBFT consensus protocol, adopting a Byzantine Fault Tolerant approach to consensus. See "Consensus protocol" and "Byzantine Fault Tolerant" for more detail.

Merkle tree

Merkle tree is a type of authenticated data structure that allows for efficient verification of data integrity and updates.

Move

Move is the name of a new programming language designed to make it safe and easy to program with digital assets. Move is used to implement custom transaction logic and smart contracts on the Diem Blockchain.

Multi-currency coin (or ≋XDX)

A digital composite of some of the single-currency stablecoins available on the Diem network that can be used as an efficient cross-border settlement coin as well as a neutral, low-volatility option for people and businesses in countries that do not yet have a single-currency stablecoin on the network.

Node

A node is a computer or server that operates the blockchain. It takes many nodes to form a distributed network.

Open source

Open source is a term used for software that makes the original source code freely available so that it can be distributed and modified.

Single-currency stablecoin

A digital representation of fiat currency that is backed 1:1 by a reserve containing cash or cash-equivalents and very short-term government securities denominated in the relevant currency.

Smart contracts

Smart contract is a term used for code published on a blockchain that can execute transactions. The Move programming language will implement smart contracts on the Diem Blockchain.

Social impact grants

The Diem Association will establish a social impact grant-making program in support of financial inclusion.

Stablecoin

Stablecoins are digital tokens that typically transact on a distributed ledger and rely on cryptographic validation techniques to be transacted, with the goal of achieving stable value relative to fiat currencies. (From G7 Working Group on Stablecoins, “Investigating the impact of global stablecoins,” October 2019)

Testnet

The testnet is a publicly deployed instance of the Diem network that runs using a set of validator test nodes. The testnet is a demonstration of the Diem network that is built for experimenting with new ideas. The testnet simulates a digital payment system and the coins on the testnet have no real-world value.

Unhosted Wallets

Diem Blockchain addresses other than those associated with a Regulated VASP, Certified VASP, or Designated Dealer.

Validator nodes

Independent servers around the world, called nodes, make up the network that operates the blockchain. A validator node is an entity that validates transactions on the Diem Blockchain. It receives requests from clients and runs consensus, execution, and storage.

Virtual Asset Service Providers (VASPs)

Entities that perform exchange, transfer, custody, or other similar financial services for customers on the Diem network.

Regulated VASPs

VASPs that are registered or licensed as a VASP in a Financial Action Task Force (FATF) member jurisdiction, or entities that are registered or licensed in a FATF member jurisdiction and are permitted to perform VASP activities under such license or registration. A Regulated VASP must receive approval to operate on the Diem network following risk-based due diligence conducted by the Association’s subsidiary, Diem Networks, or an authorized third-party service provider.

Certified VASPs

VASPs that do not qualify as a Regulated VASP but have been certified by Diem Networks or an authorized third-party service provider under standards established by the Association’s subsidiary, Diem Networks.