Building A Regulatory Sandbox
Sandbox Design Elements
Eligibility
Defines who can participate in the sandbox. Eligibility should be articulated clearly to ensure a level playing field across all market participants.
Design Choices (Examples)
- Open to incumbents only.
- Open to newcomers only.
- Open to nonfinancial services providers (e.g., technology providers, regtech).
Governance
Defines the internal operating structure of the sandbox, roles and responsibilities, and key operational processes.
Design Choices (Examples)
- Specialized sandbox unit.
- Hub-and-spoke: a central point of contact coordinating sandbox inquiries with other units of the regulator.
Timing
Includes
- Duration of the admission window.
- Duration of the test.
Design Choices (Examples)
- Periodic admission (cohort-based).
- Permanent admission window (on-tap).
- Testing periods range from 3 to 36 months.
Test Restrictions
Limits to the scope, scale, and/or conduct of the sandbox test to minimize potential harm.
Design Choices (Examples)
- Number of clients.
- Number of transactions.
- Volume of transactions.
- Geographical limits.
- Consumer protection safeguards.
- Minimum AMU/CFT requirements.
Exit
Includes
- Individual test outcomes (graduation, terminated test, etc.).
- Program-level key performance indicators (KPls).
- Incorporation of insights and lessons learned into the broader regulatory agenda.
Design Choices (Examples)
- For test outcomes see Section IV.
- KPls in terms of the absolute output (number of graduated firms).
- KPls in terms of a regulatory change promoted.
Building A Regulatory Sandbox
Capacity
Every feasibility assessment should include a clear-eyed evaluation of capacity, which mostly is defined in terms of resources that can be committed to the sandbox over several years. An internal capacity review should assess, among other things, the following:
- Whether the sandbox will include dedicated or shared staff.
- Technical skills required for program management, market engagement, application evaluation, technology assessment, test design and administration, and inter- and intra-regulator coordination.
- Interactions with other relevant regulatory programs, such as innovation hubs, licensing processes, and supervision programs.
- The resources committed to a sandbox widely differ from a single point of contact (more akin to a fintech office) to more than 30 staff members and from several thousands of dollars to over a million dollars. Capacity constraints ultimately may favor lower cost innovation facilitators, such as fintech offices.
Checklist for Implementers
Conditions
| Topic | Questions To Be Answered | Check |
|---|---|---|
| Purpose and Objective | Is the purpose and objective of the sandbox clear and internally aligned to all stakeholders? |
|
| Legal Conditions | Does the legal environment allow for the implementation of a sandbox? (i.e. availability of statutory mandates, intra/inter-regulatory coordination, legislative options, regulatory discretion)? |
|
| Market Conditions | Do the market conditions allow for the implementation of a sandbox? What is the market perception of the regulation/regulator? Is there a need for a regulatory sandbox or related programs ? |
|
| Regulatory Capacity | Is there sufficient internal regulatory capacity to implement sandbox and/or related initiatives? |
|
| Alternatives and Complements | Are there alternative formal and informal regulatory initiatives that could serve the same purpose as the sandbox more effectively or at lower cost ? |
|
| Resources | Is there an internal, cross-functional team responsible for delivering sandbox initiative? Does this initiative have an institutional champion/executive sponsor? Does the team and sponsor have sufficient resources? |
Design
| Topic | Questions To Be Answered | Check |
|---|---|---|
| Eligibility | Is it clear who is eligible to participate in the sandbox and what the communication plan to those eligible is? |
|
| Governance | Is the governance structure set for the operating structure, roles and responsibilities, and key operational processes for the internal team? |
|
| Timing | Is it clear what the timing of the admission window is? Timing of the test itself? |
|
| Test Restrictions | Is the scope, scale and operating conduct of the test designed to minimize potential harm? |
|
| Exit | Is there a clear exit strategy? What are the individual test outcomes to be measured? What are the performance KPIs? What is the success threshold? How can the learnings of the test be incorporated into the broader regulatory agenda? |
Building A Regulatory Sandbox
Sandbox Testing Plan
Testing plans typically are proposed by sandbox participants and evaluated by the sandbox team on a case-by-case basis. Testing plans should be customized to develop evidence on the regulatory questions presented by the specific innovation. As a basic rule, the regulator must feel comfortable that, once the testing is conducted as planned, the regulator will be able to decide what the next steps will be and choose an exit option. In reviewing a proposed testing plan, the regulator must confirm the plan is comprehensive and clear.
Key Criteria:
- Define the overall timeline and budget.
- Identify precisely what is being tested, as well as how and why.
- Define milestones and success criteria.
- Define risks and mitigating measures.
- Identify staff and their responsibilities.
- Establish rules for engaging with and reporting to the regulator throughout the testing period.
Testing Plan
| Element of Testing Plan | Description |
|---|---|
| Summary of innovation and test | An executive summary describing the innovation being tested and the testing plan (location, duration, number and type of customers, how will the test be conducted). |
| Sandbox tool required | Type of tool required to run the test (I.e. Restricted authorization) |
| Objectives of test | What is the test trying to prove, and what is the definition of success |
| Measures of success | Quantitative and qualitative metrics to measure during the test to verify if objective is met |
| Outstanding dependencies | Bottlenecks involving internal/external stakeholders or logistical issues that affect the implementation of the test |
| Key risks identified and mitigation | Risks that threaten the success of the test (i.e. theft, technological incompatibility) and potential mitigation strategies |
| Testing Plans | A plan for testing in the sandbox setting out the timeline and key milestones |
| Duration | Set duration of the test (testing duration should be long enough to enable statistically relevant data to be obtained ) |
| Number of customers | How many customers should be involved in the test |
| Customer type & sourcing | The types of customers to be included in the customer (if varied) and where to source them |
| Customer safeguards | How to minimize the fallback in case customers are faced with risks (i.e. providing access to Ombudsman services, providing compensation, providing information regarding the tests and disclosures prior to participation). |
| Customer disclosures | Firms should disclose information about the test and the available compensation to them, based on jurisdictional regulation |
| Exit plan | Operational procedure to notify the closure of the services at the end of the specified duration (i.e. what happens to the customer and the service when the test ends) |
Building A Regulatory Sandbox
Sandbox Project Plan
A sample template of regulatory sandbox project plan is available in How to Build a Regulatory Sandbox : A Practical Guide for Policy Makers
Building A Regulatory Sandbox
Exit Options
Once testing is over, the final evaluation is facilitated by regular reporting delivered throughout testing and the final report prepared either by the sandbox participant itself or by an independent auditor. The final report must be delivered within a prescribed deadline and the regulator should proceed swiftly with the final decision.
Every regulator should carefully map its own regulatory framework against each of the possible outcomes to determine whether and how easy it would be to implement each. The regulator should avoid setting up a sandbox without having legal clarity on each of the potential exit options.
Building A Regulatory Sandbox
Exit Criteria for Successful Test
The completed sandbox test may be deemed successful or unsuccessful. A successful test means that the test ran as planned, but it does not mean that the sandbox participant will be allowed to bring the innovation to market. That happens only when the sandbox participant wants to proceed, and the regulator considers the innovation subject to its mandate and market worthy
| DESCRIPTION | Example | |
|---|---|---|
| License | The sandbox participant can roll out the innovation in the market in compliance with regulatory requirements. | All successful firms graduating from the UK FCA sandbox have been licensed under a licensing regime that was already in place. |
| Other Formal Approval | The sandbox participant can roll out the innovation in the market in compliance with regulatory requirements subject to exemptions and/or waivers granted. This also may include a mandatory partnership with a licensed financial institution. | The Capital Markets Authority of Kenya uses the widely defined discretion granted in the Capital Mar- kets Authority Act to authorize temporary operations until an appropriate regulation is adopted. |
| Regulatory change | The tested solution falls under the regulator’s mandate but cannot be permitted without changes in the legal and regulatory framework. | The Central Bank of Brazil has created a sandbox framework that allows testing up to three years, which should provide enough time for regulatory changes should they be needed. |
Building A Regulatory Sandbox
Related Resources
For more detailed information, please refer to these two documents
