This paper proposes a CBDC design trilemma, the claim that central banks cannot simultaneously maximize privacy, financial stability, and regulatory compliance when designing retail central bank digital currencies and finds the existing literature consistent with this proposition. Through a systematic review of 140 peer-reviewed articles (Web of Science SCIE/SSCI indexes, 2014–2026, supplemented by Scopus and SSRN), evidence is synthesized across four thematic dimensions: design frameworks and architecture, financial stability and banking risk, privacy and security trade-offs, and user adoption and institutional quality. Cross-tabulation of coded data supports all three pairwise tensions: privacy-enhancing designs weaken AML/CFT enforcement, anonymous holdings amplify bank-run risk, and stringent prudential safeguards constrain transaction monitoring. The literature converges on two-tier, hybrid architectures with tiered privacy as the dominant compromise a “zone of feasible design”, that sacrifices full optimality on each vertex. Nine research gaps are identified, most critically the scarcity of empirical evidence from live deployments, the neglect of wholesale CBDC, and insufficient analysis of cross-border interoperability. The framework offers policymakers a structured lens for evaluating retail CBDC design trade-offs and researchers a testable proposition for future empirical work.
Said et al. (Thu,) studied this question.