FinTechRegulatory Sandbox – The Road Map for FinTech Innovation

INTRODUCTION

Disruptive technologies have created a new path of innovation in the financial sector. Regardless of the impact on traditional banking, the Indian FinTech market has developed significantly in the last few years and has created many new opportunities for business as well as customers. According to a study Innovate Finance, in 2019, India was third in global FinTech investment. Promoting the Digital India campaign has proved to be beneficial in all sectors of business. However, investment is not yet proportionate to the limited growth of the market.

The Regulatory Sandbox (“RS”) acts as a testing ground for the FinTech start-ups to test their innovative product in a secure, viable, and time-bound environment with regulatory supervision. These testing grounds are especially relevant in the FinTech world, where there is a growing need to develop regulatory frameworks for emerging business models. Therefore, considering there is a lot of potential in the FinTech sector in India, the concept of RS providing an enabling platform to test the product in a secured framework is adopted.

The purpose of the sandbox is to adapt compliance with strict financial regulations to the growth and pace of the most innovative companies, in a way that doesn’t smother the FinTech sector with rules, but also doesn’t diminish consumer protection The basic purpose of a Regulatory Sandbox (“RS”) is: there should be novelty and innovation, it should be efficient and, it should benefit consumers. These FinTech start-ups operate in a restricted environment and the regulators closely monitor them.  Under this framework, customer feedback acts as an important factor in improving the business model.

Three essential features of a sandbox are: it should be easily accessible, have a flexible business design to include more than one service, and should be able to collaborate. The enabling framework was released on RBI’s website on August 13, 2019 for the first time.

In this article, we attempt to discuss about the concept of Regulatory Sandbox, RBI’s enabling framework with respect to RS, and how it is acting as the crucial stepping stone towards the massive growth of the FinTech sector in India.

GROWTH OF REGULATORY SANDBOX IN FINTECH

Advancement in technology has forced the growth of several industries. FinTech is one such sector that has seen rapid growth in recent times. There is no denial of the fact that with increasing FinTech products lining up to reach consumers, there is a need to build a framework to protect consumers’ privacy as well as organize market development through a regulatory sandbox approach.

Over the last five years, India has emerged as a leader of innovation and entrepreneurship in the financial technology space. Over two thousand FinTech companies have set up operations in India since 2013, with the country ranking second globally in FinTech adoption.

The regulations adopted in the FinTech industry across the countries of the world vary. In the case of the UK’s Financial Conduct Authority (“FCA”), which launched the ‘Project Innovate’ in 2014, the FCA has received recognition for its sandbox that includes innovative models tested under a live market environment. Similarly, the authority for the Financial Markets and De Nederlandsche Bank (“DNB”) has been running a regulatory sandbox in the Netherlands since 2016.

In addition, FCA has announced the creation of the Global Financial Innovation Network, where it has partnered with eleven foreign regulators and related firms from across the world. This network is to realize that the ‘global sandbox’ reduces the time to bring ideas to international markets. Two of these regulators are the Hong Kong Monetary Authority and the Monetary Authority of Singapore.

In India, in addition to the Reserve Bank of India (“RBI”), two other financial regulators have announced regulatory sandboxes – the Securities Exchange Board of India (“SEBI”), which regulates India’s securities markets, and the Insurance Regulatory and Development Authority of India (“IRDAI”), which oversees the insurance and reinsurance sectors.

Major private sector banks such as HDFC Bank, ICICI Bank, and YES Bank also have initiatives where developers are invited to create new applications through their banking APIs.

RBI REGULATORY FRAMEWORK

1. Eligibility Criteria

Subject to the guidelines as prescribed, the FinTech companies including start-ups, banks, financial institutions, and any other company partnering with or providing support to financial services businesses, are target groups for Regulatory Sandbox.

To encourage innovations intended for use in the Indian market, the regulatory sandbox will be set up in areas where:

• governing regulations are absent;

• temporary easy regulations for enabling the proposed innovation are needed; and

• the proposed innovation shows promise of easing/affecting the delivery of financial services in a significant way. 

2. The Sandbox Process

Each cohort of the sandbox has five stages and timeline:

Stage 1 – Preliminary Screening:

• This phase lasts for four weeks from the date of closure of the application window.

• The applications are received by the FinTech Unit and evaluated to shortlist applicants meeting the eligibility criteria.

• The Unit also ensures that the applicant clearly understands the objective and principles of the sandbox and conforms to them.

Stage 2 – Test Design:

• This phase also lasts for approximately four weeks.

• The unit finalizes the test design through an iterative engagement with the applicants and then identifies outcome metrics for evaluating evidence of benefits and risks.

Stage 3 – Application Assessment

• This phase lasts for three weeks.

• In this stage, the unit vets the test design and if found appropriate, proposes regulatory modifications.

Stage 4 – Testing

• This phase lasts for a maximum of twelve weeks.

• The unit generates empirical evidence to assess the tests by close monitoring.

Stage 5 – Evaluation

• This phase lasts for four weeks.

• The final outcome of the testing of products, services, and technology, as per the expected parameters, including viability or acceptability under the sandbox is confirmed by the RBI.

• The FinTech unit assesses the outcome reports on the test and decides on whether the product/service is viable and acceptable under the RS.

3. Relaxations for the Applicant

The RBI considers relaxing some of the regulatory requirements for applicants for the duration of the sandbox on a case-to-case basis, and if warranted. A few examples are:

• Liquidity requirements;

• Board composition;

• Management experience;

• Financial soundness;

• Track record

However, some requirements are mandatorily be complied with, by the applicants. These are:

• Customer privacy and data protection;

• Secure storage of and access to payment data of stakeholders;

• Security of transactions;

• KYC/AML/CFT requirements;

• Statutory restrictions;

4. Consumer Protection

The utmost requirement for the entities experimenting with the concept of RS is that they must comply with the required and existing regulations respecting customer privacy, as entering the RS platform does not limit the RS entity’s liability towards its customers.  The entities entering in the RS must notify test customers of potential risks and the available compensation, in an upfront and transparent way. They must obtain their explicit consent in this regard. There should be an appropriate arrangement for customers to withdraw from the test.

RS entities are required to take liability and indemnify to safeguard the interest of the customers. The adequacy of indemnity cover depends on the determination of the maximum liability based on

• maximum exposure to a single customer,
• the number of claims that could arise from a single event (potential for multiple claims); and
• the number of claims that might be expected during the policy period.

The consumer protection indemnity policy cover begins with the initiation of the testing stage of the FinTech start-up and ends in three months post exit of the FinTech start-up from the RS.

5. Transparency and Disclosure

It is essential that FinTech start-ups participating in RS make sure there is a clear and adequate flow of information to the stakeholders to maintain complete transparency and trust. The launch of the project, theme of the cohort, successful applicants selected for RS, entry and exit criteria and products/services found viable and acceptable under the RS would be communicated by the RBI, on its website.

The RBI also reserves the right to publish any relevant information about the applicants on its website, for the purpose of knowledge transfer and collaboration with other international regulatory agencies, provided, RBI will publish information without revealing any proprietary/intellectual property rights related information.

PROCEDURAL REGULATIONS

1. Boundary Conditions

A well-defined space and duration for the RS is necessary for the proposed financial service to be launched and to contain the consequences of any failure. Therefore, boundary conditions should be clearly defined as to protect the interest of the consumers, which may include:

• Start and end date of the sandbox

• Target customer type

• Limit on the number of customers involved

• Transaction ceilings or cash holding limits

• Cap on customer loss

2. Design Aspects

The RBI will consider the following design features:

A. Regulatory Sandbox Cohorts and Product/Services/Technology

The Regulatory Sandbox runs cohorts (end-to-end sandbox process) with a limited number of entities within a fixed time. The cohorts are based on themes of financial inclusion, payments, and lending, digital KYC, etc. The time period is usually six months but it can vary for different cohorts.

• Innovative Products/ Services – Retail payments, Money transfer services, Marketplace lending, Digital KYC, Financial advisory services, wealth management services, Digital identification services, Smart contracts, financial inclusion products, Cyber security products.

• Innovative Technology – Mobile Technology applications, Data analytics, Application Program Interface (APIs) services, Application under blockchain technologies, Artificial Intelligence and Machine Learning applications.

B. Fit and Proper Criteria for selection of participants

RS is an initiative for responsible innovation in the financial sector. The FinTech start-ups/entities allowed in a cohort are subject to certain conditions. If the number of applications is large, the first step in selection will be making sure that they conform to the fit and proper criteria. The final selection will be based on the novelty of the innovation and how it will benefit the consumers/ industry.

(i) Conditions for the Applicant:

• An applicant should either be a company incorporated in India or a bank licensed to operate in India or a financial institution constituted under a statute in India.

• The minimum net worth of the entity must be Rs. 25 lakhs according to its latest audited balance sheet.

• The promoters/ directors should meet the fit and proper criteria and should submit a declaration and undertaking.

• The conduct of the bank accounts and promoters/ directors of the entity should be satisfactory.

• The credit history of the promoters/ directors should be satisfactory.

• It should be demonstrated that the products/services are ready for deployment in the market.

• All existing regulations/laws on consumer data protection and privacy must be complied with.

• The IT system should have safeguards against unauthorized access, alteration, destruction, disclosure, or dissemination of records and data.

• The entity should have a robust IT infrastructure and provide end-to-end integrity of information processing for the sandbox process.

(ii) Conditions for entity

• The proposed solution highlights the present gap in the financial system on how it will solve the problem, provide benefits to the consumers, and perform the same work more efficiently. The applicant should highlight that there is a regulatory barrier that does not allow the deployment of the product/ service or it should propose an innovative and important product/ service and highlight that there is a need of regulating it.

• The test scenarios and expected outcomes are clearly defined. The entity reports to the RBI according to the schedule.

• The boundary conditions are clearly defined so that the process is executed meaningfully without compromising the privacy of the consumers.

• An exit and transition strategy is clearly defined in case the financial service is discontinued or deployed on a broader scale after exiting.

• The applicants have to share the results of Proof of Concept (PoC)/ testing of use cases including any prior experience before getting admitted to the RS.

• Risks that can arise from the proposed FinTech solution are assessed and a mitigation report is submitted.

C. Fit and Proper Criteria for Directors/Promoters

(i) The RBI provides a ‘fit and proper’ criterion for directors/ promoters of the sandbox entity to be accepted in the Regulatory Sandbox. Each of the promoters/ directors has to submit these documents:

• Permanent Account Number under the Income Tax Act, 1961;

• Director Identification Number;

• Bank account details including loan accounts;

• Credit score;

• Reference report obtained from regulators under which the entity is registered;

• Other documents listed under “declaration and undertaking”

(ii) Due diligence of the promoters/ directors is conducted and a ‘declaration and undertaking’ is obtained from the entity for the same purpose. A copy of the undertaking is forwarded to the RBI.

3. Extending or Exiting the RS

The regulatory relaxations provided to the entities expire when the sandbox period ends and the sandbox entity has to exit. If the entity wants to extend the sandbox period, it applies to the RBI before one month of expiration date and with valid reasons. The RBI takes a decision based on the stage of testing, results of testing, reasons for the extension and the expected outcome if extended.

The testing can be discontinued at any time by the RBI, if:

• the entity does not achieve its purpose, based on latest testing, expected outcome, and the schedule mutually agreed with the RBI.

• the entity fails to comply with the required regulations specified at any stage during the process.

• the FinTech start-up in the RS does not act in the interest of the consumers due to negligence or deliberate malicious practices

The FinTech start-up in the RS can exit the RS at its own discretion any time after informing the RBI one month in advance. The entity must ensure that there is no pending obligation to the customers of the financial service under experimentation before exiting or discontinuing the RS.

EXCLUSION FROM SANDBOX EXPERIMENT

The RBI has expressly provided an indicative negative list of products, services, and technology that may not be accepted for testing. The list is based on the fact that if the proposed financial service is similar to those that are already being offered in India, it will not be accepted for experimenting. The applicants have to show that either ‘a different technology is being gainfully applied’ or ‘the same technology is being applied in a more efficient and effective manner. The list is as follows:

• Credit registry;

• Credit information;

• Cryptocurrency/Crypto assets services;

• Trading/investing/settling in crypto assets;

• Initial Coin Offerings, etc.;

• Chain marketing services;

• Any product/services which have been banned by the regulators/Government of India.

BENEFITS OF REGULATORY SANDBOX

• Regulators obtain first-hand empirical evidence on the benefits and risks of emerging technologies and their implications, enabling them to take a considered view on the regulatory changes or new regulations that may be needed to support useful innovation while containing the attendant risks.

• Incumbent financial service providers, including banks, also improve their understanding of how new financial technologies might work, which helps them to appropriately integrate such new technologies with their business plans.

• Innovators and FinTech companies can improve their understanding of regulations that govern their offerings and shape their products accordingly.

• Feedback from customers, as end-users, educates both the regulator and the innovator as to what costs and benefits might accrue to customers from these innovations.

• Users of a sandbox can test the product’s viability without the need for a larger and more expensive roll-out, if the product appears to have the potential to be successful. However, if any concerns arise, during the sandbox period, appropriate modifications can be made before the product is launched in the broader market.

• FinTechs provide solutions that can further financial inclusion in a significant way. The sandboxes can go a long way in not only improving the pace of innovation and technology absorption but also in financial inclusion and in improving financial reach. Areas that can potentially get a thrust from it include microfinance, innovative small savings, remittances, mobile banking and other digital payments.

• By providing a structured and institutionalized environment for evidence-based regulatory decision-making, the dependence of the regulator on industry/stakeholder consultations only is correspondingly reduced.

• Regulatory Sandbox could lead to better outcomes for consumers through an increased range of products and services, reduced costs and improved access to financial services.

AMLEGALS REMARKS

Regulatory Sandbox provides an enabling platform that acts as a risk-mitigating factor for both banks and FinTech start-ups., which are not yet regulated, which might cause harm to consumers. Further, Regulatory Sandbox creates a conducive and contained space where FinTech start-ups test their innovative product at the edge or even outside of the existing regulatory framework.

The enabling framework of the Regulatory Sandbox helps promote innovative FinTech start-ups in India, as it helps bring the cost of innovation down, reduces barriers to entry, and allows regulators to collect important insights before deciding if further regulatory action is necessary.

Furthermore, Regulatory Sandboxes can lead towards higher financial inclusion, since the success of the financial inclusion largely depends on the capacity of the financial sector to innovate which can address traditional barriers to financial inclusion and these Regulatory Sandbox helps these FinTech start-ups to bring tested and tried the innovative product in the financial market. However, the concept of Regulatory Sandbox is relatively new and their impact on financial inclusion hasn’t been sufficiently proven yet.

– Team AMLEGALS assisted by Ms. Aditi Sharma

For any query or feedback, please feel free to get in touch with arushi.vyas@amlegals.com or tanmay.banthia@amlegals.com.