The Reserve Bank of India (RBI), last month, released a draft of the “Enabling Framework for Regulatory Sandbox”. A sandbox is a framework that allows regulation to evolve and keep pace with innovation in technology. Fintech startups can live test new products and technologies within the RBI’s regulatory sandbox which offers a controlled regulatory environment allowing for “learning by doing” for startups, customers and the regulator. A key benefit of a regulatory sandbox is to enable regulators to make decisions based on evidence from real-time product testing and customer experience.
Who is eligible?
Startups (defined as a company in business for no more than seven years) will be selected for the regulatory sandbox based on identified eligibility criteria, including net worth of at least ₹500,00, satisfactory credit scores, promoters and directors that meet the fit and proper criteria, the ability to comply with personal data protection laws and adequate IT infrastructure and safeguards to protect against unauthorized access, destruction and disclosure.
The sandbox is intended to allow for testing of products and technology that are not currently governed by regulations and face some form of regulatory barrier in implementation, those that require certain regulatory relaxations for testing, and those that seek to improve the delivery of financial services. The RBI has indicated that the solution proposed for sandboxing must highlight an existing gap in the financial ecosystem and specifically address how this can be solved. While the eligibility criteria are product and technology focused, the startup requirement potentially excludes a large section of Fintech players. The RBI may need to re-look at the seven-year rule for eligibility.
How it works?
Applicants must share results of the proof of concept and testing of use cases before being admitted to the sandbox. The RBI contemplates product testing by 10-12 Fintech startups in a single regulatory sandbox cohort (i.e., end-to-end sandbox process), where products broadly fall within a shared theme. There is a requirement for the test scenarios and expected outcomes to be clearly defined upfront. The entity must report results to the RBI on an ongoing basis, as per a pre-agreed schedule. While certain regulatory requirements may be relaxed for the duration of the sandbox, the RBI has made it clear that the applicants will have to continue to comply with data protection laws and KYC requirements. Applicants will continue to be liable to customers for financial products tested in the sandbox. The framework outlines five stages of the sandbox process for a single cohort, each of which shall be monitored by the RBI’s Fintech unit (FTU). Stage 1: preliminary screening of applications to the cohort (four weeks). Stage 2: finalization of test design by the FTU via an interactive process with applicants (three weeks). Stage 3: application assessment and vetting of test design by the FTU (three weeks). Stage 4: testing by the FTU based on empirical evidence and data (12 weeks). Stage 5: evaluation by the FTU based on the final outcome of the testing of the product or technology that was sandboxed (four weeks).
The RBI has indicated it would consider innovation in retail payments, money transfer, digital KYC, financial inclusion products, and financial advisory services for the regulatory sandbox. Interestingly, cryptocurrency and initial coin offerings have been excluded from sandbox testing despite the market view that they are suited to sandbox testing.
Given that Fintech products could potentially face regulation from multiple regulators, the RBI may consider working with other financial services regulators through the sandbox testing process. Payment and lending products are now being increasingly aggregated with investment, wealth management, insurance and other financial products, each of which may be regulated by a different regulator. The Securities and Exchange Board of India and the Insurance Regulatory and Development Authority have recently introduced innovative regulatory sandboxing frameworks, and it will be interesting to see how each of these frameworks interact with each other.
The RBI should comment on how confidential product and technology-linked data of a participant in the sandbox will be protected. It would be useful to have clarity on which aspects of the sandbox testing will be “protected” and not made publicly available. Transparency in the selection process is critical to the success of the framework, and the RBI will need to carefully address issues around the selection. The framework offers a tremendous opportunity to the startup community but the real test now lies in the implementation.
Shilpa Mankar Ahluwalia is a partner at Shardul Amarchand Mangaldas & Co. and leads the firm’s Fintech practice.
Shardul Amarchand Mangaldas & Co.
216 Okhla Industrial Estate, Phase 3
New Delhi – 110 020
Executive Chairman: Shardul Shroff
Pallavi Shroff & Akshay Chudasama
Tel:+91 11 4159 0700, 4060 6060
New Delhi | Mumbai | Gurugram | Chennai | Bengaluru | Ahmedabad | Kolkata