A regulatory sandbox is a framework that allows fintech start-ups and other innovators to conduct live experiments in a controlled environment under a regulator’s supervision.
Nicole Sandler, vice president, fintech and regtech, EMEA legal lead, Barclays, says that “one of the biggest reasons that companies enter a sandbox is because they want to understand if they can put a product out into the market and they want to have a relationship with the regulator to see if their product is actually viable in the real world.”
The pros of the existence of sandboxes are many:
- Mitigation of risk for innovative firms: A sandbox can help ensure safety for the entire financial system, allowing innovation and consumer protection to coexist
- Reduced time to market: Uncertainty and interruption affects firstmovers and inhibits innovation
- Access to finance: Innovators get easier access to finance as both product viability and regulator welfare are maintained
- Transparency: Uniform enter and exit standards ensure transparency, and regulators can exercise close scrutiny
- Minimizing costs: Compliance costs can be prohibiting. Sandboxes enable safe testing within legal barriers
- Limited failure penalties: Testing in the regulatory sandbox offers organisations an opportunity to explore if their product or service works in real time, allowing for modifications before the need to commit to a full market launch.
But they aren’t without their difficulties:
- Time: The fintech industry depends on decreasing time to market. Coming up against a regulatory hurdle has the potential to waste time with increased bureaucracy
- First mover advantage: Filings with the regulator increases the chances of the technology becoming outdated
- Difficult to implement: Successful implementation of a regulatory sandbox may be jeopardized by institutional arrangements for regulation and supervision
- Costs: Operating a regulatory sandbox requires adequate resources (staff and funding). Where capacity is already stretched, stretching it further may have a negative impact on other areas.
The formation of regulatory sandboxes is a growing initiative worldwide, but they were initially the brainchild of Britain. The original sandbox was established as part of the FCA’s Project Innovate, with the aim of creating a safe space for fintech innovators to trial new products in a ‘live’ environment. The sandbox in the UK operates on a cohort system and instead of being permanently open, there are available windows to submit applications. It has accepted 89 companies since its inception in 2016, and variations of the concept have been developed within the EU and further afield, in the US and Asia. Europe and Asia are prime fintech areas, with investment in fintech companies reaching $26bn and $16.8bn respectively, according to KPMG’s The Pulse of Fintech report.
The European Supervisory Authorities (ESA) joint report on innovation facilitators highlights that facilitators can help authorities to keep pace with developments by gaining near ‘real time’ insights into emerging technologies. Twenty-one EU member states and three EEA States have established innovation hubs and five EU member states (DK, LT, NL, PL and UK) have regulatory sandboxes in operation. However, not all EU regulators are sold on the sandbox concept. For example, BaFin, the German regulator, has publicly ruled out the possibility of ‘little buckets and spades’ for German fintech companies, while other EU countries have gone for a more middle ground approach, using some form of innovation hub, as opposed to a fully functioning sandbox.
Sandler goes on to say that “sandboxes are a valuable regulatory tool for innovation given the interaction one will have with the regulator and the individual guidance that a firm will receive with respect to their proposed test. I think that there is a misconception in some jurisdictions that sandboxes are ‘regulatory light’ (ie light touch) and often the reason cited to me is due to the existence of certain tools such as waivers and no action enforcement letters. However it is worth highlighting that these have never been used by the FCA in their cohorts and only the individual guidance tool has been utilised (ie the FCA explain how they read their regulation in light of the firms test).”
Last year the FCA suggested a global sandbox, leading to the Global Financial Innovation Network (GFIN), a collaboration between the FCA and 11 other financial regulators and related organisations. Zach Masum, manager, legal services, capital markets regulation at British Columbia Securities, says that “a global initiative like GFIN, particularly its cross-border testing initiative, gives a firm the opportunity to test its business model in a number of different countries at the same time. This creates efficiency for both firms and regulators. It gives the firm a better ability to navigate the legal frameworks of many countries, which is a hurdle that many fintech startups have identified. It provides regulators across the globe the ability to collaboratively and concurrently evaluate a business model, so they can work together to identify and address both benefits and risks.”
The ESA praised the formation of an EU network, and proposed a primary order for the European authorities to compile the current state of play on sandboxes, identifying best practice and common criteria, which would provide a platform for experts to support participating authorities in reaching common approaches about regulatory and supervisory expectations. The European Commission’s FinTech Action Plan, published on the March 8, 2018, represents a significant milestone in the development of EU financial services policy, combining “both supportive measures to help introduce fintech solutions and proactive measures to foster and stimulate new solutions and address in a determined way the emerging risks and challenges.”
The US still has no nationwide sandbox, but the federal Consumer Financial Protection Bureau (CFPB) set up an ‘office of innovation’ in July, aiming to develop a regulatory framework designed to open the floodgates in terms of the development of new products and services for those corporations involved in cryptocurrencies, blockchain technologies and microlending. The Arizona sandbox, the first of its kind in the United States, has been open for several months, and is hoping to create a reciprocity structure with the UK. It is designed to allow innovative ideas get to market faster by decreasing the ‘one-size-fits-all’ regulatory requirements in exchange for a more active involvement by the Attorney General’s Office. Arizona is giving businesses two years to trial their fintech contributions, considerably longer than the six-month programme offered by the FCA. Thereafter, they can apply for a licence to function as a money services company, and if that is granted they must apply for authorisation in the 16 other states that are currently in agreement. Numerous other states and agencies have planned, or are currently developing programmes similar to the one in Arizona.
Singapore’s central bank has attracted global attention for its revolutionary fintech efforts, reliability in monetary policy, financial stability and supervision. The Monetary Authority of Singapore (MAS) has produced a framework to assist next-generation technological and financial innovation. It has also adjusted the regulatory framework to accommodate the creation of predefined sandboxes, known as the Sandbox Express, which aims to speed up the prolonged application and approval process to supplement the current fintech regulatory sandbox, which MAS launched back in 2016. MAS assesses applications based on technological innovativeness and aims to grant approval decisions within three weeks. MAS encouraged further innovation through its API Exchange, an online global fintech marketplace and sandbox to allow financial institutions and fintech firms to work together and push programming interfaces for digital transformation and financial inclusion.
Sandboxes assist the digital transformation of the financial sector but there are restrictions to what can be achieved. Additional actions are necessary to help support innovation while balancing other public policy interests, including legislative changes at the EU and global level. While established fintech sandboxes have existed for some time now such as the UK’s FCA, Australia’s ASIC and Singapore’s MAS, others including Hong Kong Monetary Authority, Bank Indonesia and Bank of Thailand have also launched regulatory sandboxes, highlighting the growing need for a global network.
Comprehensive figures are not yet available, but the FCA released a Regulatory Sandbox Lessons Learned Report in October 2017, citing that sandbox firms have brought innovative technologies, such as distributed ledger technology and automated custom financial advice, to the UK market. The FCA also witnessed a broader positive impact, including greater investment in new technology and competitive pressure on incumbents to improve their products to match new entrants.
Sandler recognises that sandboxes may help as “a regulator is not going to be able to fully understand how to regulate use cases properly until they actually work with it and this is where sandboxes fit in – they can help regulators understand where a use case hits their regulatory perimeter which can help them work out how to adapt their regulation.” Masum also adds. “In British Columbia, we have found that sandbox entrants are able to implement their business models faster than if they had been operating under the full regulatory framework, because the sandbox allows us to address their novel considerations effectively and with appropriate expertise. This helps the British Columbia Securities Commission fulfil its goals of encouraging innovation and protecting investors.”
Based on the opportunities they offer and the rapid adoption of sandboxes globally, with over 20 countries implementing or proposing a financial sector sandbox since 2015, regulatory sandboxes will only become even more popular, including outside the financial sector.