Inter-operable regulatory sandbox: A playground for fintechs ?

– Dayita Kanodia, Executive | finserv@vinodkothari.com

A regulatory sandbox allows live testing of innovative products/services under regulatory supervision and with regulatory relaxations. This in turn allows regulators to design evidence-based and innovation-friendly regulations.

An Inter-Operable Regulatory Sandbox or IoRS as defined by both RBI and SEBI is therefore a mechanism to facilitate testing of innovative hybrid financial products / services falling within the regulatory ambit of more than one financial sector regulator.

Why was IoRS needed ?

Earlier, financial regulators like Reserve Bank of India (RBI), Securities Exchange Board of India (SEBI), Insurance Regulatory Development Authority of India (IRDAI), and International Financial Services Center Authority (IFSCA) operated their separate sandboxes in India and interested entities had to separately approach concerned regulators to participate in their sandbox. This created problems for entities in testing cross-sectoral innovations.

For instance, a fintech product could be designed by an entity helping an individual buy insurance for his business, provide advice on loan products and manage cash flows from sales. This will  fall within the scope of different regulators like RBI and IRDAI. Therefore, in order to test this product, the entity had to approach different regulators and go through separate sandbox testing.

In order to remove this hardship which in turn caused hindrance for innovation, an interoperable framework was thought of.

This article discusses the Standard Operating Procedure (SOP) which has been put in place for these types of regulatory sandboxes, the situation in other jurisdictions and whether these sandboxes will actually promote innovation or will just act as a ‘playground’ for entities using the same.

Standard Operating Procedure for IoRS

With an aim to promote innovation, both SEBI^[1] and RBI^[2] came up with similar SOPs for IoRS.

Eligible participants and the products

The financial regulators that are members^[3] of the Inter Regulatory Technical Group (IRTG) on FinTech have given their consent to participate in the IoRS arrangement under the aegis of IRTG on FinTech.

Accordingly, financial products / service providers whose business models / activities / features fall within the ambit of more than one financial sector regulator, shall be considered for the testing under the same.

Eligibility Criteria for Entities

All the member regulators of IRTG who have consented to participate in IoRS have provided for their own eligibility criteria for entities which they must satisfy to participate in the live testing of their products in the regulatory sandbox, as discussed below:

• RBI – The eligible entity should
  • be a company incorporated and registered in India or banks licensed to operate in India or Limited Liability Partnership (LLP), Partnership firm registered in India, and
  • have a minimum net worth of Rs.10 Lakhs as per its latest audited balance sheet.

• SEBI –

The eligible entity should be registered with SEBI under section 12 of the SEBI Act, 1992 or should apply for partnership with any of the SEBI registered entities.

Along with this, the entity must provide the outline of the list of rules, regulations, guidelines, circulars etc. of SEBI that may act as an impediment to the proposed innovative solution, along with detailed rationale.

Further, the entity must state if SEBI is to to relax any specific regulatory requirements, for the duration of the sandbox and the reasons for the same.

Therefore, SEBI does not allow entities which are not registered with it to participate in the sandbox. So if SEBI is the PR in a particular case then the applicant must execute a MoU with a registered entity to apply to the IoRS. This condition again may cause hardship as applicants may find it difficult to find an interested registered entity.

• IRDAI – The eligible entity should have a minimum net worth of Rs.10 Lakhs as per its latest audited balance sheet.

• IFSCA – An Applicant who satisfies any of the following conditions shall be eligible to make an application to IFSCA,

1. Where the Applicant is from India-
   • An entity registered with Department for Promotion of Industry an Internal Trade (DPIIT) as a start-up entity relating to FinTech; or
   • An entity incorporated as a company under the Companies Act 2013, or as a Limited liability Partnership (LLP) under the Limited liability Partnership Act, 2008 or a branch of an Indian Company or LLP in IFSC; or
   • An entity working directly or indirectly in the ecosystem regulated by a domestic financial sector regulator.
2. Where the Applicant is from Outside India-
   • an incorporated entity or a branch of an incorporated entity from FATF compliant countries/jurisdictions.

Further, the applicant must propose to use innovative technology in its core product or service, business model, distribution model or methodology to provide financial services that are or likely to be regulated by the Authority.

Governance

The FinTech Department of RBI has been entrusted to be the nodal point for receiving applications and be designated as ‘Coordination Group (CG)’ for IoRS. All the necessary secretarial support shall be provided by them.

The application for IoRS shall be on ‘on tap basis’ in a prescribed application form. Even though the FinTech Department shall act as the front, the application, however, will be processed by the Principal Regulator (PR) and the Associate Regulator (AR).

Principal Regulator and Associate Regulator

The SOP has provided that the regulator under whose purview the ‘dominant feature’ of the product falls, shall govern it as ‘Principal Regulator (PR)’ and the regulator/s under whose remit the other features apart from the dominant feature of the product fall shall be the ‘Associate Regulator (AR)’. 

Therefore, to determine the same the dominant feature of the product must be determined.

Dominant feature

Two sets of factors would be considered for deciding the dominant feature-

1. the type of enhancement to the existing products like loans, deposits, capital market instruments, insurance, G-sec instruments, pension products, etc., and
2. the number of relaxations sought by the entity for undertaking the test under the IoRS.

Accordingly, the dominant feature shall be decided with greater weightage to the number of relaxations sought. Further, the relaxation, if warranted, shall be considered by PR / AR on case-to-case basis and decision to that effect shall be binding and final.

Again, it is based on this dominant feature that the eligibility criteria and networth criteria as applicable for the RS of the concerned regulator (PR) shall be applicable to the applicant entity for participation in the IoRS.

We therefore see that the distinction  between PR and AR is based on the type of enhancement to the existing products and thus does not account for a situation wherein the enhancements may equally apply to products falling within the ambit of more than one regulator.

Scrutiny of the application

After this, a detailed scrutiny shall be performed by the principal regulator based on its own framework. 

The PR is required to coordinate with AR(s), regarding the features of the product, which falls under their remit.Further, it is the former who shall reserve the right of admissibility of the hybrid product / solution / innovation as per its RS framework and accordingly communicate to the applicant and also to CG / IRTG on FinTech. The latter on the other hand will  provide specific inputs, stipulate conditions regarding aspects falling under its remit for parameters to be tested, boundary condition, risks to be monitored, etc and the test design shall be finalized by the PR in consultation with the AR.

Again, the evaluation of the product shall be done as per the framework of the PR, which may also reflect appraisal by the AR(s), while deciding on suitability and viability of the product / services.

Exit from IoRS and subsequent launching of the product

Post successful exit from the IoRS, the entity is required to approach PR and AR(s), for authorisation and for seeking regulatory dispensation before launching the product in the market.

Thereafter, if the product is admitted successfully, it shall be published by the regulator concerned vide Press Release, specifically indicating that it is under IoRS of IRTG on FinTech.

Regulatory sandbox in other jurisdictions

Regulatory sandboxes are not uncommon across other jurisdictions. In 2016, the UK Financial Conduct Authority (FCA) first came up with the concept of a regulatory sandbox. Accordingly, it has defined such a sandbox as “a ‘safe space’ in which businesses can test innovative products, services, business models and delivery mechanisms without immediately incurring all the normal regulatory consequences of engaging in the activity in question.”

The FCA also came up with the concept of cross-sector sandboxes back in 2019 much before India allowed the same in the year 2022.

This concept is not limited to financial services technology or FinTech alone. In June 2022, the Government of Spain and the European Commission announced a pilot of the first regulatory sandbox on artificial intelligence (AI). The anticipated sandbox is set to focus on the implications of AI for data protection laws and helping firms better understand the legal issues at stake. It will also guide authorities on where laws surrounding the use of data need to be updated to reflect the growing importance of machine learning data processing across industries.

What impact will this have on fintechs?

Drawing reference from other jurisdictions, SEC Commissioner,  Hester Peirce worries that regulators “facilitating and hosting the sandbox” may play the role of gatekeeper, slowing down or even halting innovation. Further,to quote former New York Department of Financial Services Superintendent Maria Vullo famous words, “Toddlers play in sandboxes. Adults play by the rules”, it can be said that substantial concerns have been raised regarding these sandboxes. ^[4]

Again, these sandboxes have limited scope since they mainly operate on a very small scale thereby not really testing the full potential of a fintech innovation. They are further restricted by the time limits imposed to ‘play’ in this sandbox.

Thus, these can be said to act only as a playground for entities using the same whereas the world is much larger. 

Another concerning fact of these regulatory sandboxes could be that they may start exploiting regulatory loopholes to gain a competitive advantage over established banking and financial institutions, thus causing a failure of the whole purpose of sandboxes which was to encourage and foster innovation.

---

Similar articles on the subject –

1. One-stop guide for all Regulatory Sandbox Frameworks
2. Safe in sandbox: India provides cocoon to fintech start-ups

---

^[1]https://www.sebi.gov.in/sebi_data/commondocs/oct-2022/SoP%20for%20Interoperable%20Regulatory%20Sandbox_Final_p.pdf

^[2] https://www.rbi.org.in/Scripts/bs_viewcontent.aspx?Id=4196

^[3] The regulators who are members of the inter-regulatory technical group are RBI, SEBI, IRDAI, IFSCA, PFRDA.

^[4]https://www.bing.com/ck/a?!&&p=31bb1533d3d404caJmltdHM9MTY4NzEzMjgwMCZpZ3VpZD0xM2UxZDc1Mi1kYTY4LTY0MjUtMjVlYi1jNjAwZGU2ODZhYjgmaW5zaWQ9NTQ1MQ&ptn=3&hsh=3&fclid=13e1d752-da68-6425-25eb-c600de686ab8&psq=regulatory+sanbbox+us+sec+commissioner+a+few+thoughts+&u=a1aHR0cHM6Ly9wYWNzY2VudGVyLnN0YW5mb3JkLmVkdS9hLWZldy10aG91Z2h0cy1vbi1yZWd1bGF0b3J5LXNhbmRib3hlcy8jOn46dGV4dD1XaGlsZSUyMGludGVyZXN0JTIwaW4lMjByZWd1bGF0b3J5JTIwc2FuZGJveGVzJTIwaXMlMjBzdHJvbmclMkMlMjBtYW55LG9mJTIwZ2F0ZWtlZXBlciUyQyUyMHNsb3dpbmclMjBkb3duJTIwb3IlMjBldmVuJTIwaGFsdGluZyUyMGlubm92YXRpb24u&ntb=1