In July 2016 the Reserve Bank of India (RBI) had setup an inter-regulatory Working Group to look into and report on various aspects relating to fintech. One of the key recommendations of the Working Group was the introduction of an appropriate framework for a regulatory sandbox. Thus on 24th April 2019, the RBI has come out with a Draft Enabling Framework for Regulatory Sandbox (“Draft Framework”).
Before we proceed with the details regarding the Draft Framework it is important to understand the concept of a regulatory sandbox. Regulatory sandbox (RS) refers to live testing of new products or services in a controlled/ tested regulatory environment for which the regulators may permit certain relaxation in the regulations only for the limited purpose of testing. The RS allows the entities to test their product in a controlled environment before a wider-scale launch. Thus the RS at its core is a formal regulatory programme for market participants to test new products, services, business models with customers in a live environment subject to certain safeguards and oversights. Further, RBI in its Working Group Paper also discussed the concept of an ‘innovation hub’ which provides support, advice or guidance to regulated or unregulated firms in navigating the regulatory framework or identifying the legal issues.
Eligibility criteria of an applicant
The Draft Framework lays down the eligibility criteria for participating in the RS. The target applicants for entry in the RS are fintech firms which meet the prescribed conditions of a start-up by the Government. The focus of the RS is to encourage innovation where (a) there is an absence of regulations, (b) there is a need to temporarily ease the regulations for the proposed innovation, and (c) the proposed innovation shows promise of easing the delivery of financial services.
The RS shall begin the testing process with 10-12 selected entities through a comprehensive selection process which has been detailed under the ‘Fit and Proper criteria for selection of participants in the RS’. The entities should satisfy the following conditions: (a) the entity should be a company incorporated and registered in India and should be “Start up” , (b) the entity should have a minimum net worth of Rs 50 lakhs as per its latest audited balance sheet, (c) the promoters/ directors of the entity should be fit and proper and a declaration should be made to that effect, (d) the conduct of the bank accounts as well as the entity’s promoters/directors should be satisfactory, (e) a satisfactory CIBIL or equivalent credit score of the promoters/directors of the entity is required, (f) applicant should showcase that their product/services and ready for deployment in the broader market, (g) entity should demonstrate arrangements to ensure compliance with regulations on consumer data protection and privacy, and (h) the entity should have adequate safeguards related to the IT system to ensure safety of data and records.
The fintech solution proposed by the applicant should highlight the existing gap in the financial system and demonstrate that there is a regulatory barrier that prevents the deployment of the product/service. Additionally, the applicant should clearly define the test scenarios and the expected outcomes from the sandbox experimentation and an acceptable exit and transition strategy in case the fintech driven solutions are discontinued or deployed on a broader scale after exiting the RS. To this effect, the applicant is required to share the result of the proof of concept/ testing of use cases including any relevant prior experiences before getting admission into RS for testing.
Design features of the RS
The RS may run a few cohorts i.e. end-to-end sandbox process, with a limited number of entities in each cohort testing their products in a stipulated time. The RS shall be based on different subjects focusing on areas such as financial inclusion, payments, digital KYC, etc. Though these cohorts may run for varying time period but it should ordinarily be completed within 6 months.
The innovative products/services which could be considered for testing under RS would include retail payments, money transfer services, market places lending, digital KYC, financial advisory services, smart contract, cybersecurity products, etc. On the other hand, the innovative technology which could be considered for testing under RS would include data analytics, API services, applications using block chain, AI and machine learning applications and mobile technology applications.
Regulatory requirements for RS applicant and exclusions from RS
The regulatory requirements which shall be mandatorily adhered to by the applicant are: (a) customer privacy and data protection, (b) security of transactions, (c) KYC/ AML/ CFT requirements, (d) secure storage of and access to payment data of stakeholders, and (e) statutory requirements.
However, an entity would not be suitable for RS if the proposed financial service is similar to a product/service/technology which already is being offered in India unless the applicant can show that either a different technology is gainfully applied or the same technology is being used in a more effective and efficient manner. Accordingly, the Draft Regulations have put together an indicative negative list of products/ services/ technology which may not be accepted for testing. The list includes businesses related to credit registries, credit information, crypto-currency, initial coin offerings and chain marketing services.
Extending or Exiting the RS
In case the sandbox entity requires an extension of the sandbox period it shall apply to the RBI within one (1) month before the expiration of the sandbox period. Further, RBI at its discretion can discontinue the RS testing for an entity if it does not achieve the intended purpose or if the entity is unable to comply with the relevant regulatory requirements. The sandbox entity may exit from the RS on its own by informing the RBI one week in advance.
Boundary conditions, transparency, and consumer protection
A sandbox must have a well-defined space and duration for the proposed financial services to be launched and the boundary conditions for the RS shall include the start and end date of RS, target customer type, limit the number of customers involved, transaction ceiling, and cap on customer. Further, the RBI shall communicate the entire RS process including the launch, theme of the cohort, entry and exit criteria on its website to ensure transparency. And as stated earlier before discontinuing/ exiting from the RS, the sandbox entity shall ensure that it meets all the existing obligations towards its customers and entering into an RS does not limit the liability of the entity towards its customers.
Sandbox process and stages
The end to end sandbox process, including the test of the products/ services shall be overseen by the FinTech Unit (FTU) at RBI, and the stages involved in the RS are as follows:
- Stage 1: Preliminary Screening (4 weeks) – FTU shall ensure that the applicant clearly understands the objectives and principles of the RS, and it is in this phase the application received by the FTU are evaluated and shortlisted who meet the eligibility criteria.
- Stage 2: Testing Design (3 weeks) – In this phase which lasts for 3 weeks the FTU finalizes the test design through an iterative engagement with the applicant and shall identify the outcome metrics for evaluating the evidence of risk or benefits.
- Stage 3: Application Assessment (3weeks) – In this phase the FTU vets the test design and proposes regulatory modifications if any.
- Stage 4: Testing (12 weeks) – The testing may last for a maximum tenure for 12 weeks. In this phase, the FTU generates empirical evidence to assess the test conducted.
- Stage 5: Evaluation (4 weeks) – The final evaluation of the outcome of testing the products/ services/ technology is confirmed in this phase by RBI. The FTU shall assess the outcome report and decide whether the product/service is viable and acceptable under RS.
Statutory and legal issues
If the applicant is allowed by the FTU into the RS, the entity would be provided by appropriate regulatory support by RBI in the form of relaxation of specific regulatory requirements during the duration of the RS. However, RBI shall not bear any liability arising from the RS process and any liability arising from the experiment has to be borne by the entity alone. Further, the sandbox entity should ensure that on exiting from the RS or on the completion of the RS process, the sandbox entity should fully comply with all the relevant regulatory requirements.
2.Report of the Working Group on FinTech and Digital Banking- https://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=892