A Sandbox for Indian Fintechs

[Manal Shah is a student at the National University of Advanced Legal Studies, Kochi and writes at thesecuritiesblawg.in]

In his keynote address at the NITI Aayog FinTech Conclave 2019 held on 25 March 2019, the Governor of the Reserve Bank of India (RBI), Shaktikanta Das, addressed and acknowledged the growth and potential for fintech firms in India. While doing so, he acknowledged that India stands second in fintech adoption at a 52% rate and by catering to as many as 1218 firms operating in the Indian market. Financial innovation is growing at an exponential speed. Innovations in the financial sector are increasingly becoming sophisticated with newer technologies being introduced and implemented and newer financial services products under development. These developments also render the entire system to an increased exposure to risk. On the other hand, the fintech segment in India remains grappled with uncertainty such as whether a new product or service is (or is not) compliant with the existing norms, resulting in yet another risk, the risk of withholding of rollouts and hindering innovation.

Several jurisdictions have responded to this growth and speed of financial innovation by taking an active approach in facilitating this innovation by their variety of regulatory and supervisory initiatives. Among such initiatives is the “sandbox approach” which has seen growing acceptance since its introduction by the United Kingdom (UK) in 2016. The Working Group constituted by the RBI under Sudarshan Sen had mooted the set-up of a regulatory sandbox in its Report published in 2017. Notably, Das in his keynote address discussed that the RBI would be issuing guidelines for the proposed fintech regulatory sandbox within two months. Recently, it was also reported that the Securities and Exchange Board of India (SEBI) also considered a ‘regulatory sandbox’ approach with a view to make best use of the latest innovations such as blockchain and artificial intelligence in the market.

The concept of a “sandbox” acquired, within the computer science context, the meaning of a closed testing environment designed for experimenting safely with web or software projects. In the fintech context, sandbox means the live testing of new products or services in a controlled testing environment, mostly with some reliefs or relaxations or both. This mechanism is aimed at developing regulations that keep up with the fast pace of innovations by including temporary relaxations or adjustments in respect of regulatory requirements. It attempts to provide a safe space for startups to establish themselves as well as for established companies to test new technology based financial services in a live environment for limited time period, without undergoing strict authorization or licensing process. A sandbox is close ended. It is an effective testing ground in which the viability of a product can be tested without an expensive rollout and, if the product has potential, it would be easily authorized and brought to the broader market and, should any concerns be unearthed, the same can be solved by appropriate modifications before a larger launch.

Comparative Approaches

Sandboxes have been proposed or launched in several jurisdictions such as Singapore, Malaysia, Thailand, Hong Kong, UK, UAE and Australia. The UK was the first country to implement a regulatory sandbox, announcing the approach in 2015 and for fintech in 2016. The Financial Conduct Authority (FCA) is authorized to approve companies for testing their services. The UK uses a cohort approach, in that it accepts batch wise applications, two batches a year. The applications are assessed by the FCA on criteria including innovativeness, benefit to customer and readiness for live testing. The FCA has also developed a tailored authorization process to work closely with the sandbox firms to enable them to meet their requirements. The FCA sandbox offers tools such as individual guidance, waivers or modifications to rules and no need for enforcement action letters. At the successful completion of sandbox, the sandbox firms can have their limited FCA authorizations converted into a full authorizations. Also, after the completion of sandbox, the FCA works with the participants to assist in determination of the most appropriate strategy for their next steps.

The Australian Sandbox is different as it does not require companies to apply for individual approval. The Australian Securities and Investments Commission (ASIC) issued a detailed regulatory framework in May 2016 allowing eligible fintech businesses to test certain specified services without holding the Australian Financial Services (AFS) or credit license.  The waiver applies to a narrow set of services and the sandbox permits the business to test services for up to twelve months with up to a hundred retail clients so long as the total customer exposure does not exceed Au$ 5 Million. Those fintechs not meeting the conditions can apply for individual waivers under the pre-existing guidelines. After the sandbox testing period of twelve months, the fintechs are required to cease their operations unless they are granted an AFS/ Credit licence or an extension of testing period. Further, after the end of the testing period, fintechs will have to comply the law like other businesses in order to offer financial services or to engage in credit activities.

The Monetary Authority of Singapore (MAS) introduced its regulatory sandbox in 2016. Financial institutions in Singapore are free to launch new solutions without previously seeking MAS approval so long as they are satisfied with their own due diligence that there is no breach of legal or regulatory requirements. MAS published its final ‘Regulatory Sandbox’ Guidelines during November 2016 to encourage and enable experimentation of solutions that utilize technology innovatively to deliver financial products or services. The sandbox aims to provide regulatory support by relaxing specific legal and regulatory requirements, which the applicant would otherwise be subjected to, for the period of the sandbox.

The Report of the RBI’s Working Group proposed to place the Institute for Development and Research in Banking Technology (IDBRT) in the role of creating and maintaining a regulatory sandbox in collaboration with the RBI. The proposed criteria for joining the sandbox includes firstly, that the proposed financial service to be launched under the sandbox should include a new emerging technology or the use of existing technology in an innovative way. Secondly, the proposed financial service should address a problem or should benefit consumers of the industry. Finally, the proposed criteria must specify parameters including the type of innovation product, the limitations regarding the number of participants and the time frame for the approval of applications.

It is important for a sandbox to operate in a productive environment, that it has a well-defined duration and space for the proposed financial services to be launched within which the consequences such as failure can be contained. The boundaries of the sandbox must be clearly defined for it to be meaningfully executed while sufficiently protecting the interests of consumers and maintaining the safety and soundness of the industry. The proposed guidelines are expected to specify the start and end date of the sandbox, the target customer type, limit on customers involved, other qualitative limits such as transaction thresholds and cash holding limits and finally associates risk disclosures for participation in the sandbox.

The proposed Indian Regulatory Sandbox is intended to include following regulatory relaxations:

1. Qualitative prudential requirements: Statutory/ liquidity requirements, minimum paid up capital, capital adequacy, license fees, and financial soundness.

2. Corporate Governance: Board composition, management experience, fit and proper criteria.

3. Risk Management: Technology risk management, outsourcing guidelines etc.


The regulatory sandbox would bring in the much needed clarity on the regulatory front for fintech firms. This was long due on part of the Indian regulatory authorities and is a welcome move. An important question remains as to the convergence between data protection and privacy on the one hand and the sandbox initiative on the other. It is hoped that the official framework addresses data privacy succinctly. It is hoped that the sandbox be designed in a way that it encapsulates the business logic and data necessary to represent multiple banking functions such as APIs, products, services and transaction flows. Easy accessibility should be ensured in a way that location constraints can be overcome.

The Global Financial Innovation Network (GFIN) was formally launched in January 2019 by an international group of financial regulators and related organisations, including the FCA, to provide a more efficient way for innovative firms to interact with regulators, helping them navigate between countries as they look to scale new ideas. This includes a pilot for firms wishing to test innovative products, services or business models across more than just one jurisdictions. It is built on the FCA’s early 2018 proposal to create a global sandbox. It is pertinent that the RBI issue guidelines which will allow the domestic fintechs to access a wider market through programs such as the GFIN.

Manal Shah

About the author

Add comment


Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Top Posts & Pages


Recent Comments


web analytics

Social Media