Playing in the Regulatory Sandbox

“Regulatory sandboxes” have become almost as ubiquitous as “FinTech” or “block-chains,” but not many fully understand their goal, scope, or application. This article introduces regulatory sandboxes, provides background on their origin and the context in which they are used, discusses prominent jurisdictions that have adopted, or are considering, sandboxes, and examines what lies ahead for this regulatory innovation.

The “What” and the “Why”

While there is no precise definition, a regulatory sandbox is, broadly speaking, a framework within which innovators can test business ideas and products on a “live” market, under the relevant regulator’s supervision, without fear of enforcement actions in case it is determined that their business model does not comply with existing regulations. This “safe space” is usually subject to certain restrictions, typically focused on ensuring the protection of consumers, including a limited amount of time for testing.

Product launches into actual marketplaces are certainly not a game, especially in “FinTech” (technological innovations in the financial services sector) where sandboxes are currently most used, but the analogy with a child’s sandbox is apt. Regulatory sandboxes encourage innovation by improving access to financing, minimizing legal uncertainty, and allowing entrepreneurs to experiment and fine-tune business models in a controlled testing environment. Such playgrounds allow regulators to stay abreast of new business ideas and products, and to learn where they might need to update or fill in gaps in existing regulatory frameworks.

From a societal perspective, regulators’ limited resources are likely better spent on helping businesses navigate existing frameworks and creatively adapt regulations to better address an ever-changing business landscape, than on enforcement actions against well-meaning innovators.

Although there are differences across jurisdictions, sandboxes typically have the following features:

• Case by case rules or “sandboxes” for each firm/business proposal, rather than a one-size-fits-all approach.

• Limits on the number of customers/clients, testing for a limited time period, and safeguards for consumer protection (such as requirements to obtain informed consent).

• Restricted authorization/licensing, individual guidance, waivers/modifications to rules for that project, and no enforcement action letters.

The “When” and “Where”

The UK Financial Conduct Authority (FCA) first implemented a regulatory sandbox in 2016. The FCA established an Innovation Hub in 2014 to support innovators in the financial products/services industry, acknowledging the regulatory risks that financial firms face. The FCA sought to promote innovation by encouraging innovators to approach it for help with navigating the regulatory landscape, and collaborating with them to understand issues with the existing regulatory framework. The regulatory sandbox was a natural next step to allow innovative firms that had developed financial products and services with the FCA’s support to then test their products and services in a live market.

Although certainly innovative, regulatory sandboxes appear to be part of a broader trend towards better targeted regulation in a number of countries. Singapore, the second country to introduce regulatory sandboxes, champions a “never say no approach” for regulatory agencies dealing with new business models, stating that they “should be prepared to allow [business models] to be piloted under conditions, even tight ones.”

Regulatory sandboxes have since been implemented in several other countries, including Abu Dhabi, Australia, Canada, Denmark, Hong Kong, Malaysia, Singapore, and the UK. They have been proposed in several others, including Indonesia, Japan, Russia, Switzerland, Taiwan, Thailand, and the United States. The map below, maintained by Innovate Finance, shows countries where regulatory sandboxes have been implemented, and where they have been proposed but not yet fully implemented.

Regulatory sandboxes in the United States

The US Consumer Financial Protection Bureau (CFPB), has introduced a sandbox-like framework through its “Project Catalyst,” an initiative designed to encourage innovation in consumer financial products and services. The CFPB issued a regulatory waiver in September 2017 in the form of its first “no action letter” to an online lending platform that uses non-traditional or alternative data and modeling techniques in lending decision-making. The no-action letter is stated to be “specific to the facts and circumstances of the particular company and does not serve as an endorsement of the use of any particular variables or modeling techniques.”

The US Office of the Comptroller of the Currency (OCC) plans to launch “bank-run pilots” to allow banks to develop and test products in a controlled environment. The OCC aims to use these pilots to “gain insight into a product and to become comfortable with a proposed product’s controls and risks early in the process…recognizing the industry’s need for a place to experiment while furthering the OCC’s understanding of innovative products, services, and technologies.”

Although both initiatives appear to be big steps towards a more open regulatory approach, it remains unclear to what extent the US intends to pursue regulatory sandboxes of the kind implemented elsewhere, given conflicting information from other regulatory agencies.

The “What Next”

Given that the concept of regulatory sandboxes is still nascent, comprehensive data is not available yet on their effectiveness and economic impact. However, the earliest adopter of sandboxes, the FCA, released a “Regulatory Sandbox Lessons Learned Report” in October 2017. “Sandbox firms,” as they are referred to by the FCA, have brought innovative technologies, such as distributed ledger technology and automated custom (“robo”) financial advice to the UK market. The FCA observes a broader positive impact in line with its original objectives, including greater investment in new technology and competitive pressure on incumbents to improve their products to match new entrants.

Regulatory sandboxes have taken off in the financial services sector in both large and small economies for a number of reasons. First, the complexity of financial regulation plays a big role. The rapid speed of innovation pushing against the boundaries of dated regulatory frameworks requires regulators to adapt and innovate themselves. Second, the importance of regulatory compliance is also a significant factor – financial firms face hefty penalties if they do not comply with existing regulations. Third, insufficiently regulated new financial products can impose enormous costs on vulnerable consumers, as evidenced by the 2008 financial crash.

Sandboxes could also play an important role in other heavily regulated industries experiencing unprecedented innovation, such as healthcare, energy, and agriculture. With an accelerating rate of innovation, regulatory sandboxes are likely to play an increasingly important role in the interaction between start-ups/innovators and regulators. Regulatory sandboxes could also be relevant for the automobile industry, especially for self-driving automobiles.

One potential criticism of the sandbox approach is that the time it could take for regulators to review applications, design the right sandbox, and determine what regulations need to be amended, might make obtaining venture financing more challenging. Although this is an understandable concern, it is important to note that if an innovative new venture does in fact fall into a “grey” area under the existing legal framework, venture financing will actually be more difficult to obtain, and then it may well be better for entrepreneurs to involve regulators from the get-go. The sandbox approach allows regulatory risk to be mitigated and provides the added bonus of a real-world test in a controlled environment. Indeed, the FCA points out that in the absence of sandboxes, “regulatory uncertainty at a crucial growth stage means that FinTech firms find it harder to raise funds and achieve lower valuations as investors try to factor in risks that they are not well placed to assess.”

Based on their numerous potential benefits – mitigation of risk for innovative firms, potential for regulators to exercise closer oversight on new products/services, opportunity to adapt existing regulations and introduce new ones to keep up with the breakneck speed of innovation – it seems clear that regulatory sandboxes will only become more widely adopted, including outside the financial sector.

The “Where Else”

Many regulators are (surprisingly) open to embracing regulatory sandboxes as well as RegTech (technology used to ease regulatory compliance burdens), HealthTech (healthcare technology), EnergyTech (technology in the energy sector). Particularly innovative jurisdictions include: Canada (Quebec), which accepted an initial coin offering (ICO) into a sandbox, providing relief from registration and prospectus requirements for tokens, Singapore, which introduced sandboxes for electricity and gas firms, and Australia (New South Wales), which introduced a broad sandbox initiative covering block-chain, energy, health, agriculture and social innovations.

If these new applications of sandboxes prove effective, there may soon be a paradigm shift in regulation. Regulatory sandboxes can bridge gaps between innovators and regulators, allow meaningful and productive collaboration, mitigate risks for entrepreneurs, comfort investors, and inform policymakers. Based on the rapid adoption of sandboxes globally (with over 20 countries implementing or proposing a financial sector sandbox since the UK’s initiative was announced in 2015), the trend looks set to continue.

Khushboo Agarwal serves as the graduate editor of the NYU Journal of Law & Business, and is a candidate for an LL.M. in Corporation Law at NYU School of Law. Khushboo is admitted to practice in New York and Singapore. Prior to her advanced law studies at NYU, she practiced corporate law at Dentons Rodyk & Davidson in Singapore (part of the global law firm Dentons) for three years. She advises start-ups and emerging companies on venture capital financing and general corporate matters, and on cross-border private mergers and acquisitions. She graduated with an LL.B. (Upper Second Class with Honors) from the University of Nottingham in the UK in 2011.