RBI governor Shaktikanta Das announced on Tuesday that the regulator would bring out guidelines for ‘regulatory sandbox’ for Fintech within two months.

What’s a regulatory sandbox?

A regulatory sandbox is a regulatory approach which creates contained space to test innovations. It can be thought of as a ‘safe space’ where businesses can test new products or services in a supervised, regulatory environment. These are pilot projects with limited participants and consumers, that allow policy-makers to test the implications that changes in policy will have for businesses and consumers, while also limiting potential damages because of a restricted user base and supervised activity. From a business perspective, it allows them to test the viability and impact of new products, in a regulated environment, before a full fledged launch.

The first regulatory sandbox was introduced in the UK for fintech innovation in 2015, and ever since they have been established in over 20 countries including China, Singapore, Australia, and Canada. Here’s a lowdown on the basic outlines which may guide the RBI’s eventual guidelines, as laid out in the Report of the working group on FinTech and digital lending.

Objectives, and criteria for participation

1. What the Sandbox will do: The sandboxes will allow for live or virtual tests of new products or services for both regulated and unregulated firms. The regulator provides “the appropriate regulatory support by relaxing specific legal and regulatory requirements” for the duration of the sandbox. The sandbox enables product testing for viability without the need for a larger and more expensive roll out. If found to have potential, the product may be authorized to launch in the market. The product can also be modified while its still in the sandbox if concerns arise while testing.

2. Why they are doing it: The sandbox is aimed at providing a well-defined space for FinTech experimentation “to increase efficiency, manage risks better and create new opportunities for consumers”. According to the RBI, the sandbox will:

  1. Reduce regulatory uncertainty
  2. Reduce the time it takes to bring an innovative product to market.
  3. Support innovators by providing needed services.
  4. Improve access to supervisory authorities for financial market operators by creating a central point of contact.
  5. Play an active role as a catalyst for promoting interaction among financial practices and innovative technologies, research and study, and the needs of the economic society.

3. Who will be eligible to apply? The RBI in its guidelines will have to identify target groups such as financial institutions, FinTech firms or third-party firms associating with such businesses. The proposed product or service should “include new or emerging technology, or use existing technology in an innovative way”. The service should address a problem and benefit industry or consumers. According to the working paper, the RBI’s criteria for who can join the sandbox should specify the following:

  1. Type of innovation, product
  2. Who can apply for the sandbox (e.g. only start up or also incumbents)?
  3. Are there any limitations regarding the number of participants?
  4. What is the authority’s timeframe for the approval of application?

Regulatory supervision: boundaries, exit strategy, protection of consumer

1. Boundaries for testing: Being a limited testing model with certain/uncertain risk, a sandbox must lay out a “well-defined space and duration” within which a proposed financial service must be launched, such that the consequences of product failure can be contained. “The boundary conditions for the sandbox should be clearly defined for the sandbox to be meaningfully executed while sufficiently protecting the interests of consumers and maintaining the safety and soundness of the industry.” The RBI’s guidelines would need to specify: 

  1. Start and end date of the sandbox
  2. Target customer type
  3. Limit on the number of customers involved
  4. Other quantifiable limits such as transaction thresholds or cash holding limits•Associated risk disclosure for participating in the sandbox

2. Exit Strategy: An acceptable exit and transition strategy should be clearly defined in case a “proposed financial service has to be discontinued, or can proceed to be deployed on a broader scale after exiting the sandbox”. The exit plan for smooth market exit must be defined in case sandbox participant fails, says the working paper report.

3. Consumer protection: “The sandbox entity should ensure that any existing obligation to its customers of the financial service under experimentation must be fully fulfilled or addressed before exiting or discontinuing the sandbox.” Companies or startups applying for the sandbox must comply with the following regulatory requirements to “ensure the interests of consumer and safety and soundness of the financial sector”:

  1. Confidentiality of customer information
  2. Fit and proper criteria
  3. Handling of customer’s moneys and assets by intermediaries
  4. Prevention of money laundering and countering the financing of terrorism
  5. Number of customers
  6. Transaction volume
  7. Specific customer groups
  8. Information to customer

Facilities provided to sandbox participants

The working paper also lays out the facilities that are generally granted to fintech sandbox participants, which the RBI can consider:

1. Quantitative prudential requirements

  • Statutory / Liquidity requirements
  • Minimum paid-up capital
  • Capital adequacy
  • Licence fees
  • Financial soundness

2. Corporate governance

  • Board composition
  • Management experience
  • Fit and proper criteria

3. Risk management

  • Technology risk management
  • Outsourcing guidelines, etc.

Approach to regulatory sandboxes in other jurisdictions

  1. Australia – licensing exemptions: The Australian Securities and Investments Commission’s framework for fintech exempts Fintech companies from licensing requirement as long as they are banned from engaging in credit activities, already hold a credit licence, already be a credit representative of a credit licensee, or is a related body corporate of a credit licensee. After the 12 month period, the participants have to cease business unless they comply with regulation like all other businesses.
  2. Australia – boundary conditions: It also lays out boundary conditions like a 12-month testing duration, customer exposure of under $5 million, and dispute resolutions mechanisms.
  3. UK – consumer consent, and protection: The UK’s Financial Conduct Authority requires fintech firms to take informed consent for testing, consumers need to be informed of potential risks and available compensation; mandates an ombudsman and compensation scheme for consumers, and mandates a fair exit strategy for consumers
  4. Singapore – free hand to fintech firms: Monetary Authority of Singapore introduced a regulatory sandbox during June 2016, and allowed for financial institutions to launch new solutions without first seeking its guidance, “as long as they are satisfied with their own due diligence and there is no breach of legal and regulatory requirements”. The sandbox entity also has to report to MAS on the test progress based on an agreed schedule, and mandates an exit strategy.

Read frameworks for regulatory sandboxes in other countries in RBI’s working paper (pages 32-46).

Also read: A “fintech sandbox” might sound like a harmless idea. It’s not

Correction: The post has been updated to reflect the correct author.