Terms of Reference for Technical Implementation


CBWeb3

Version 1.1 – 23/06/2025



 Background 

In 2019, the IDB Lab1 launched the regional program called «Global Alliance for the Development of the Blockchain Ecosystem in Latin America and the Caribbean (LACChain)».    LACChain was created with the aim of accelerating the development of a blockchain ecosystem with social impact in the Latin American and Caribbean (LAC) region. The Alliance has 68 partners to date and has enabled the deployment of more than 120 blockchain solutions, providing services to millions of beneficiaries. 

On December 3, 2024, the IDB approved the project «Phase I (Takeoff): A Regional Solution to Accelerate the Deployment of Central Bank Digital Currencies (CBDCs) for Inclusion in Latin America and the Caribbean.» This Project seeks to enable a regional testnet for Latin America and the Caribbean that allows the issuance of CBDCs and the tokenization of financial assets, with a focus on cross-regional interoperability between central banks and financial institutions. The testnet will build on LACNet‘s technological capabilities and blockchain infrastructure, and will leverage Korean expertise in the field, including the participation of Korean entities from the public, private, and academic sectors, such as the Bank of Korea (BOK), Korea Exchange (KRX), KAIST’s Network Security and Privacy Lab, and Sungkyunkwan University (SKKU). 

Purpose of service provision 

The purpose of this contract is to have a specialized technology firm that designs, develops, and implements the smart contracts, backend, frontend, and all the underlying systems necessary to ensure the integration and interoperability of the CBDC solution in hybrid mode (single ledger and hub-and-spoke). 

The service shall: 

  1. Ensure that the platform supports the defined use cases (issuance, redemption, PvP, DvP, FX p2p, tokenization, onboarding). 
  2. Ensure levels of security, privacy, and resilience consistent with international standards (BIS, FATF, OWASP). 
  3. Facilitate operational scalability and adaptability for its eventual productive deployment in different central banks in Latin America and the Caribbean. 

Main Activities 

  • Adjustment and validation of the roadmap and work plan. 
  • Documentation and mapping of use cases and user journeys. 
  • Definition and refinement of functional and non-functional requirements. 
  • Design of the reference architecture and specification of APIs. 
  • Development of smart contracts and backend microservices. 
  • Construction of the presentation layer: portals and dashboards. 
  • Deployment and configuration of the CBDC network in test environments. 
  • Preparation and execution of privacy, security, and performance test plans. 
  • Technical support and training for pilot participants. 

Areas of Decision and Scope of the Advisory Services 

The firm must advise and propose solutions in at least the following areas: 

Privacy & Security 

  • On-chain and off-chain anonymization models.  
  • Secure smart contract escrow mechanisms.  
  • Encryption and log management policies 

Identity and Authentication 

  • PKI vs OIDC vs SSI/DID evaluation.  
  • Authorization Architecture (RBAC/ABAC) 

Interoperability 

  • Hub-and-spoke patterns (Cacti, CCIP) vs single ledger.  
  • Node Governance and Updates in Hyperledger Besu. 

Architecture and DevOps 

  • Application deployment on GCP (Cloud Run, Functions, API Gateway).  
  • CI/CD Strategy and Observability (OpenTelemetry, Cloud Monitoring). 

Performance and Scalability 

  • Latency, throughput, and availability of SLAs.  
  • Stress and resilience test design. 

Technical and General Requirements 

  • Proven experience in CBDC or corporate blockchain projects (Hyperledger, Corda, enterprise Ethereum). 
  • Solid knowledge of Solidity (or chosen smart contract language) and backend development (Node.js/Java/Python). 
  • Ability to deploy and operate Hyperledger Besu nodes in cloud and on-premises environments. 
  • Mastery of agile methodologies (Scrum/Kanban) and CI/CD tools (GitHub Actions, Cloud Build). 
  • Certifications or compliance with safety standards (OWASP, ISO 27001) are a plus. 
  • Languages: Spanish and English fluent for documentation and communication. 
  • Commitment to confidentiality and intellectual property in favor of the contracting entity. 

Deliverables and Payment Schedule 

Deliverables: 

 

  • 1- Adjusted Roadmap and Work Plan 
    • Content: Refined version of the general project roadmap, with milestones, dependencies, associated deliverables, and detailed calendar of activities by sprints. 
    • Format: Word/PDF document with interactive Gantt chart (or link to agile management tool) and RACI matrix. 
    • Acceptance Criteria: Complete coverage of all phases of development; estimated dates for each sprint; assignees; validated by the LACChain team. 
  • 2- Use Case Documentation 
    • Content: Collaboration on User journey activities, user stories, stakeholder mapping, and flow/process diagrams.  
    • Textual descriptions and models (user stories, user flows) of all prioritized use cases: CBDC issuance/redemption, PvP, DvP, p2p FX, bond tokenization, historical query, onboarding/offboarding. 
    • Format: Word/PDF document with UML and/or Mermaid diagrams; appendix of input and output data requirements. 
    • Acceptance Criteria: Each use case has «actors», preconditions, detailed steps, post-conditions, and success criteria. 
  • 3- Documentation of Functional and Non-Functional Requirements 
    • Content: Review and collaboration in the development of the functional/non-functional requirements document (data and regulatory compliance). 
    • Complete list of functional requirements and non-functional requirements, structured by module (Payments, FX, Capital, Compliance) and by environment (single ledger, hub-and-spoke, mixed). 
    • Format: Word/PDF document with Id, description, and priority tables; links to the requirements of traceability matrix. 
    • Acceptance Criteria: 100% ≥ coverage of the defined modules; traceability to user journeys; validation of consistency by the Privacy and Interoperability fronts. 
  • 4- Revised Reference Architecture 
    • Content: Review and collaborate in the development of the architecture document based on the ISO 42010 standard, including views: functional, security, interoperability, and governance. 
    • Format: Word/PDF document with graphics in Visio/Draw.io or embedded mermaid; narrative description of each component. 
    • Acceptance Criteria: Aligned with PoC responses; meets latency and availability of SLAs; validated by the architecture team. 
  • 5- Smart Contract APIs 
    • Content: OpenAPI/Swagger specification of all endpoints that interact with smart contracts, backend, and/or exposed interfaces. 
    • Format: YAML/JSON file compatible with Swagger UI or Postman collection. 
    • Acceptance Criteria: Complete documentation of each operation; importable and testable collections; validated by the development team. 
  • 6- Test Execution Plan 
    • Contents: Unit testing, integration, end-to-end and performance strategy; scenarios for each module; success/failure criteria; environments (devnet, testnet). 
    • Format: Word/PDF document and sample scripts (pseudocode or YAML) for automation. 
    • Acceptance Criteria: Includes ≥ 3 levels of testing; 1:1 mapping with use cases; QA pre-approval. 
  • 7- Design Document 
    • Content: Development of the design document based on the IEEE 1016 standard. Technical details of the solution: sequence diagrams, classes, services, smart contracts, message patterns, fault tolerance, security. 
    • Format: Word/PDF document with UML/Mermaid diagrams, library, and dependency annexes. 
    • Acceptance Criteria: 90% component ≥ coverage; peer reviews approved; OWASP Top 10 checklist completed. 
  • 8- CBDC System Development with the Indicated Use Cases 
    • Contents: Source code for smart contracts (Solidity/Go), backend microservices, frontend, FX oracle, deployment scripts. 
    • Format: Git repository with branches organized by module; Installation and deployment README. 
    • Acceptance Criteria: Successful build and deployment on devnet; unit testing ≥ 90% coverage; past basic code audit. 
  • 9- CBDC System Deployment with the Right Use Cases 
    • Contents: Terraform/Helm/Kustomize scripts or step-by-step guides for deployment on GCP (Cloud Run, Functions, Besu VMs), API Gateway and Pub/Sub configuration. 
    • Format: Collection of scripts and playbooks in repository; Word/PDF document with start-up instructions. 
    • Acceptance Criteria: Reproducible deployment in staging environment; operational endpoints; synchronized nodes. 
  • 10- Configuring the CBDC System with the Right Use Cases 
    • Content: Parameterization of smart contracts (limits, FX pairs, enabled currencies), permission policies, OIDC certificates, SC escrow policies. 
    • Format: Configuration files (JSON/YAML) versioned in repository; parameterization guide. 
    • Acceptance Criteria: Configurations applied without errors; idempotent scripts; checklist validated by operations. 
  • 11- Code and Documentation Repository 
    • Content: Centralized repository with all sources, architecture documentation, API specs, test plans, CI/CD scripts. 
    • Format: GitLab/GitHub with folder structure, version tags, and wiki. 
    • Acceptance Criteria: Clear structure; README files in each module; access granted to stakeholders. 
  • 12- Test Execution Plan 
    • Contents: Test execution schedule on devnet and testnet, resource allocation, tools, tracking metrics. 
    • Format: Word/PDF document with planning table and responsibility matrix. 
    • Acceptance Criteria: Consistency with the Test Execution Plan; QA and Security approvals. 
  • 13- Technical Support to Participants 
    • Content: Service channels (Slack, email), response SLAs, support levels (L1, L2), escalation procedures. 
    • Format: Word/PDF document with table of contacts and service level agreements. 
    • Acceptance Criteria: Definition of clear SLAs; onboarding of the support team; response testing. 
  • 14- Roadmap for Productive Deployment 
    • Contents: Transition plan from staging to production, pre-go‐live validations, hardening checklist, rollback plan. 
    • Format: Word/PDF document with approval flow and schedule. 
    • Acceptance Criteria: Includes all go-live activities; security and governance signoffs. 
  • 15- Updated Repository 
    • Content: Final version of the repository with release tags, draft documentation, migration scripts and configuration templates. 
    • Format: Git with release tag v1.0 and changelog. 
    • Acceptance Criteria: Release tagged; changelog complete; CI/CD indicators in green. 
  • 16- Final Technical Report 
    • Content: Executive summary of all work done, performance metrics, lessons learned, recommendations for later phases. 
    • Format: Word/PDF document with evidence of attachments, performance charts, and test results. 
    • Acceptance Criteria: Coverage of 100% ≥ of previous deliverables; validated by technical committee; ready for presentation to stakeholders. 

Out of Scope: 

The following activities and deliverables are explicitly excluded from the scope of work for the external firm: 

Network Infrastructure Provisioning: Deployment, configuration and operation of the underlying blockchain network (Hyperledger Besu), which will be provided and managed by LACNet. 

RTGS Production Integration: Any direct integration, certification or go-live connectivity with live RTGS systems (e.g. Drex, FuSSE) beyond the PoC/testnet environments. 

Hardware Procurement & Management: Sourcing, provisioning or maintenance of physical servers, network appliances or HSM devices in on-premise data centers. 

Production-Grade SLA Guarantees: 24×7 production support, uptime guarantees or SLA commitments beyond the agreed 3-month post-delivery support period for the PoC. 

Non-CBDC Systems: Integration with non-CBDC legacy core banking systems, accounting platforms or external settlement networks other than those defined in the TOR. 

Marketing, Commercial Roll-Out or Sales Support: Any go-to-market activities, business development, sales collateral or marketing for the finished platform. 

Ongoing Operations & Monitoring: Long-term network operations, monitoring and incident management beyond the initial handover and runbook delivery. 

Data Center or Cloud Costing: Estimation, negotiation or billing for cloud services (GCP, VMs, storage, network bandwidth) or data center colocation fees. 

Advanced UX/UI Design: High-fidelity user research, usability testing, or extensive UI/UX prototyping beyond the baseline portal/dashboard templates agreed in the TOR. 

Payment schedule: 

Modality and duration 

  • Duration: 12 months 
  • Start date: August 1st, 2025. 
  • Workplace: Remote. 
  • Time Zone: Washington D.C., USA (GMT-5), with a flexibility of +/- 3 hours. 
  • Remuneration: Payment will be made by International/National Bank Transfer to an account that must provide the signature. The costs of bank commissions that may be charged by the recipient banks will be borne by the firm. 

Roles and Responsibilities 

The following roles and associated responsibilities are defined: 

  • Advisory Firm 
    • Design, development and delivery of all technical components. 
    • Documentation and training. 
    • Initial technical support. 
  • LACChain and LACNet’s  In-House Team 
    • Provide access to test environments and reference documentation. 
    • Coordinate meetings and validate deliverables. 
    • Manage the incorporation of changes in the TOR. 
    • Validation of deliverables 

Supervision 

The firm will report to the project manager appointed by the LACChain and LACNet teams. Performance will be periodically evaluated based on the fulfillment of the objectives, quality of the deliverables, and compliance with the established schedule. Such evaluations will be decisive for the authorization of the corresponding disbursements. 

Communications 

Effective and timely communication is essential for the success of this engagement. The external firm will provide weekly written progress updates via email to the LACChain responsible, participate in bi-weekly video conference calls to review milestones and address issues, and maintain an up-to-date status dashboard (e.g., in ClickUp or Jira) where all deliverables, action items, and risks are tracked. Any critical blocker or deviation from schedule must be escalated immediately to the steering committee via direct message and summarized in the next status report. All formal documentation and decisions will be recorded and archived in the shared project’s workspace. 

Approval Required:  

All external communications, including press releases, blog posts, slide decks, technical briefs or presentations, must receive prior written approval from the core project team composed of representatives from BID Lab, LACChain and LACNet before being disseminated externally. 

Proposal submission deadline: 25/07/2025 17:00 PM ET (Washingthon DC Time)

email: [email protected] 

Subject: RG-T4567 – Phase I – Proposal
Use the quotation template available here.
Share any additional relevant documents to support understanding of the quotation.

 

Facebook Twitter Google-plus Pinterest

Copyright 2025 © All rights Reserved. Designed by LACNet

Twitter Linkedin Youtube