The phrase ‘Regulatory Sandbox’ (‘RS’) is quite oxymoronic. Regulations are meant for adults, whereas Sandboxes are meant for children. However, the term sandbox has acquired newer meanings. In the field of computer science, it means a safe & closed testing environment that is designed for experimenting with web or software applications.
According to the United Nations Secretary-General’s Special Advocate for Inclusive Finance for Development, in the world of Financial Technology or popularly known as ‘FinTech,’ an RS is an approach taken by the regulators which allows live, time-bound testing of the innovations in the field but with the oversight of a regulator. While it provides an environment for testing the innovation to the FinTech innovators, the regulator gets a chance to observe the technology and be prepared for it. It will help in creating a situation wherein the regulations are not a forced measure of technology, but the optimum level of regulation is put in place with a dual objective of protecting the consumers as well as fostering innovations in the sector.
The U.S. Consumer Financial Protection Bureau, under the name Project Catalyst, developed the first sandbox-like framework set up in 2012. In 2015, the U.K. Financial Conduct Authority (‘FCA’) came out with Project Innovate in order to support disruptive innovation in the FinTech sector and coined the term ‘regulatory sandbox.’ Since then, the concept has spread across more than 20 countries from Abu Dhabi to India and Russia. Despite the uncertainty due to the recent Brexit, London occupies the undisputed first place in the world FinTech ranking.
The Securities and Exchange Board of India (‘SEBI’) believes that the participants of the capital market have always been early adopters of technology. To develop and adopt innovative FinTech solutions in the securities market, SEBI constituted a Committee on Financial and Regulatory Technologies. It was based on the recommendations of this committee that SEBI released its discussion paper on the framework for an RS (‘Discussion Paper’) on 28 May 2019. The objective was to start an early dialogue with the companies about emerging technologies, consequentially bringing more such technologies under the purview of the regulator to identify and overcome any potential threats and hurdles.
In early February 2020, SEBI released a Board Memorandum proposing to discuss the rolling out of the regulatory framework to facilitate and operationalize the RS framework. In the Board Meeting dated 17th February 2020, SEBI deliberated and cleared the proposal of the aforesaid regulatory framework by inserting a common chapter in respective regulations of SEBI for granting exemption from enforcement of the regulations and granting a limited certificate of registration to the entity interested in applying for testing in the RS. This concept of limited registration shall facilitate the entities to operate in an RS without being subjected to the entire set of regulatory requirements to carry out that activity.
Through this article, the authors intend to examine the drawbacks and shortcomings in the framework put forward by SEBI for regulating the Sandbox.
Drawbacks, Challenges, and Opportunities
The applicability section of the framework states that all the market participants registered with SEBI under S.12 of the SEBI Act 1992 and which come within the regulatory purview of SEBI shall be eligible for testing within the RS. A market participant can come on its own or use the services of a FinTech firm.
No answer is provided to the question of why a company or an individual independent of the market participant cannot apply to be in the sandbox. If the purpose intended to serve is that of financial inclusion, the legitimacy of the technology and its working should be more in focus rather than who is proposing the disruptive innovation. It is the market participant who will have to apply on its own or with the services of a FinTech firm. This opens up an adverse possibility wherein a FinTech firm is forced to attach itself to a market participant that has no intention to develop the technology and is only interested in a probable monetary or publicity benefit.
While restricting the participation to market participants could develop technology, they might not necessarily possess the relevant expertise for penetration of the products. Keeping the main focus as financial inclusion and penetration of financial products, the sandbox should be made open to all.
2. Eligibility Criteria
Like all the frameworks for RS around the world, SEBI’s framework also has a section dedicated to determining the category of innovations that would be eligible to participate. The eligibility section should be fleshed out further. Inter alia, terms such as ‘truly innovative,’ ‘significantly different,’ ‘genuine need,’ ‘limited prior testing,’ leave immense scope for confusion and discretion. These terms are vague and subjective. This would leave the applicants at the mercy of SEBI on whether they would be accepted or not. The usage of such terms is indicative of the fact that SEBI is looking for innovations. It will be of significant benefit to the applicants if a list of considerations is put out, which would be used to determine whether a product is innovative.
Certain FinTech innovations could have been tested in different jurisdictions or in a different medium (for e.g., Offline testing). If the technology was successful in another jurisdiction or medium, the proof of concept is already present. If such a technology is to enter India, it has to be tested distinctly in the Indian jurisdiction because the circumstances and the market as a whole are significantly different. But it would be barred from entering the RS due to restrictive eligibility criteria. The technology would be helpful for the innovator as well as the regulator to have a closed testing environment, which could provide a better understanding of the modifications required for the Indian market.
3. Risk management and exit strategy
The eligibility criteria also mandate that a proper risk management strategy must be incorporated to mitigate and regulate potential risks and contain the consequences in case of a failure. If the regulator itself worked with the innovator to help them identify and advise on the risks and mitigation strategy, it would help the innovators to design the product better before entering the RS.
Another eligibility requirement is the intention and ability of the participant to deploy the solution on a broader scale. In our opinion, there must be no mandate to deploy the solution. The deployment of the technology on a larger scale depends on several factors, including the results in the RS and the existing regulatory framework itself. The regulator must guide the innovator to develop an exit strategy and help them prepare for deployment after the RS period has concluded.
The model proposed by Abu Dhabi Global Markets’ RegLab (‘ADGM RegLab’) is one to be mentioned at this juncture. It is the world’s second most active FinTech RS in the world. RegLab participants have up to two years to develop and test their solution to a point where it can be set afloat commercially. ADGM itself provides the support and mentorship partners with various institutions like financial institutions, investors, technology firms, and professional service providers. The functionality of the solutions is also allowed to be tested for scalability. With such support being provided by the regulator itself, the FinTech solution entering into the RS will almost surely be rolled out in the real markets. Such incubatory support is also desired from SEBI in developing FinTech innovations.
4. Monitoring and Supervision of the Sandbox
Various clauses calling for information on the testing, interim reports, and final reports are present in the framework. Such clauses allow exercising periodic oversight and supervision over the participants of the sandbox, which is an essential function as a regulator. It would also contribute towards SEBI’s aim to gather as much information as possible about the technology.
The oversight and supervision must be kept to the minimum. SEBI is known to be one of the most active and stringent regulators in the country. However, concerning the FinTech innovation, it must consider shifting towards a light-touch regime and have regulatory intervention as an exception rather than the norm. This would also help to promote the central objective of shared learning through the RS. The monitoring and supervising powers would be an extra burden for SEBI itself. RS is set up as a not-for-profit exercise and must be kept like that. The bestowing of extra powers on itself may prove to be restrictive and time-consuming. These clauses must be modified to the extent to bring in greater independence and flexibility for the participants.
The structure governing the sandbox is two-layered, i.e., a steering committee and an operational team. The constitution and the exact role of the committees are not clear. Elucidating the roles and functions of the bodies would help provide more certainty to the governing structure. Operating an RS requires a lot of learning and consumes human and financial resources. Hence, comprehensive detail and structure are of the imminent requirement to sustain the RS in a proper form.
5. Protection of the personal information of the customers/investors
Participation in the sandbox would give the opportunity to test the solutions on real customers/investors to the innovators. Their safety must be kept in mind and protected too. With the frenzy of promoting FinTech innovation, an appropriate and informed consent of the customer along with appropriate safeguards for the information of the participating customers must not be forgotten. With the Right to Privacy being affirmed as a fundamental right in India, it furthers the reason why financial information of a person must be protected. Pertinently, until the Personal Data Protection Bill is not passed with appropriate debate and modifications, SEBI must endeavor to protect the information of the customers and investors participating in the RS at all costs.
6. Regulatory Sandbox as an advertisement
It has been noted on numerous occasions (for e.g., when NorthRow was selected for FCA’s Sandbox) wherein the innovators use the fact that it was accepted into an RS to promote the product/service. It must be made clear that the fact of being accepted and being allowed to test in itself does not mean anything. It should not be regarded as a stamp of approval by the regulator in any manner. It has been seen in other jurisdictions that once a technology gets accepted into an RS; it becomes instantly popular with the investors wanting to invest in the company seeking to promote the product without any deliberations as to the results of the test and the outcome. Though due to the reasons of transparency, the regulator may have to disclose the technology being accepted into the RS, adequate safeguards must also be kept in place to avoid a situation of using the opportunity as a campaign.
7. Limited testing on a set of eligible customers
By its nature itself, an RS requires the testing of the innovative solution on a set of limited eligible customers. It would be ideal if the regulator itself defined a higher ceiling of customers that can be used to test the product. With this, SEBI can reduce the risk and mitigate any potential risk easily if it occurs. Further, it would be in the interest of the innovation if a clause requiring the SEBI to update its regulatory framework on account of a threshold number of participants successfully meeting a reasonably pre-defined key-performance indicator target is included in the RS framework. However, it must also be noted that the results seen in the RS would not be the results that could be emulated in the real-life because the number of customers and investors in the real world would be huge. Moreover, real-life would not be a controlled environment anymore, and the success of the technology would also depend on many other business factors, such as marketing and the volatility/stability of the market.
8. Lack of coordination between the regulators
In order to provide a boost to FinTech in India, the Financial Regulators, i.e., SEBI, the Reserve Bank of India (‘RBI’) and the Insurance Regulatory and Development Authority of India (‘IRDAI’), are emulating other Financial Regulators to come up with their own set of Regulatory Sandboxes in the respective markets that they govern.
SEBI has created provisions for cross-domain testing of the FinTech solutions wherein an entity would obtain a limited registration certificate for the category of the intermediary for which it seeks to test the FinTech solutions. However, no provisions have been envisaged concerning the cross-sector testing of FinTech solutions. Illustratively, if an innovation exists which falls under the securities market and the insurance market, then the applicant can approach and test in only one of the two RS. For the second RS, it would fail in the criteria of being either ‘innovative’ or ‘limited prior testing.’
The ideal solution would be to follow the Hong Kong model. The Hong Kong Monetary Authority (‘HKMA’), the Securities and Futures Commission (‘SFC’), and the Insurance Authority (‘IA’) have come up with their own set of Regulatory Sandboxes to foster innovation and gather real-life data and user feedback on their Fintech products/services in a controlled environment. The most relevant regulator can be approached in case of a financial institution intending to conduct a pilot trial of a cross-sector Fintech product/service. Such a regulator will act as the primary point of contact and assist in liaising with other regulators for the financial institution to access the Sandboxes concurrently.
9. Protection of Intellectual Property Rights (‘IPR’) of the Applicants entering the Sandbox
Another issue that is raised while entering the Sandbox is with regard to the IPR of the applicants. The framework does not address the issue over the technology that is being developed in the Sandbox and whether SEBI can use the technology once it exits the sandbox at a later stage. There exists a possibility of exploitation of the aforesaid grey area by SEBI, which can be disadvantageous for both the stakeholders.
The RS introduced by SEBI is quite new, and the lack of data of the functioning, and the technology in the sandbox prevents us from further speculating and commenting on the success or failure of the step. However, it cannot be denied that the RS is an important complement to a policy maker’s existing approaches dealing with innovation. It is an interesting regulatory innovation of its own. If used properly, it can prove to be beneficial to the economy. SEBI must use sandboxes to keep up to date with the fast-paced innovation and take insights to improve rulemaking, supervision, and enforcement policies so that the entire market can benefit.
 News BBVA, ‘What Countries are leading in Fintech regulation?’ BBVA https://www.bbva.com/en/countries-leading-fintech-regulation/.
 SEBI, Discussion Paper on Framework for Regulatory Sandbox <https://www.sebi.gov.in/reports/reports/may-2019/discussion-paper-on-framework-for-regulatory-sandbox_43128.html> accessed 22 April 2020.
 PTI, ‘SEBI board clears regulatory sandbox for registered entities’ The Livemint (17 February 2020)
 Justice K. S. Puttaswamy (Retd.). v. Union of India, 2017 (10) SCALE 1.
ABOUT THE AUTHOR
Pavan Belmannu is a fourth-year B.A.LLB. (Hons.) student at The National University of Advanced Legal Studies, Kochi. He aims to specialize in the Commercial Dispute Resolution Practice.
Winy Daigavane is a fourth-year B.A.LLB. (Hons.) student at The National University of Advanced Legal Studies, Kochi. Her subjects of interest are Restructuring and Insolvency.