Building A Regulatory Sandbox

Sandbox Design Elements

Eligibility

Defines who can participate in the sandbox. Eligibility should be articulated clearly to ensure a level playing field across all market participants.

Design Choices (Examples)

  • Open to incumbents only.
  • Open to newcomers only.
  • Open to nonfinancial services providers (e.g., technology providers, regtech).

Governance

Defines the internal operating structure of the sandbox, roles and responsibilities, and key operational processes.

Design Choices (Examples)

  • Specialized sandbox unit.
  • Hub-and-spoke: a central point of contact coordinating sandbox inquiries with other units of the regulator.

Timing

Includes

  • Duration of the admission window.
  • Duration of the test.

Design Choices (Examples)

  • Periodic admission (cohort-based).
  • Permanent admission window (on-tap).
  • Testing periods range from 3 to 36 months.

Test Restrictions

Limits to the scope, scale, and/or conduct of the sandbox test to minimize potential harm.

Design Choices (Examples)

  • Number of clients.
  • Number of transactions.
  • Volume of transactions.
  • Geographical limits.
  • Consumer protection safeguards.
  • Minimum AMU/CFT requirements.

Exit

Includes

  • Individual test outcomes (graduation, terminated test, etc.).
  • Program-level key performance indicators (KPls).
  • Incorporation of insights and lessons learned into the broader regulatory agenda.

Design Choices (Examples)

  • For test outcomes see Section IV.
  • KPls in terms of the absolute output (number of graduated firms).
  • KPls in terms of a regulatory change promoted.

Building A Regulatory Sandbox

Capacity

Every feasibility assessment should include a clear-eyed evaluation of capacity, which mostly is defined in terms of resources that can be committed to the sandbox over several years. An internal capacity review should assess, among other things, the following:

  • Whether the sandbox will include dedicated or shared staff.
  • Technical skills required for program management, market engagement, application evaluation, technology assessment, test design and administration, and inter- and intra-regulator coordination.
  • Interactions with other relevant regulatory programs, such as innovation hubs, licensing processes, and supervision programs.
  • The resources committed to a sandbox widely differ from a single point of contact (more akin to a fintech office) to more than 30 staff members and from several thousands of dollars to over a million dollars. Capacity constraints ultimately may favor lower cost innovation facilitators, such as fintech offices.

Checklist for Implementers

Conditions

Topic Questions To Be Answered Check
Purpose and Objective

Is the purpose and objective of the sandbox clear and internally aligned to all stakeholders?
 

Legal Conditions

Does the legal environment allow for the implementation of a sandbox? (i.e. availability of statutory mandates, intra/inter-regulatory coordination, legislative options, regulatory discretion)?
 

Market Conditions

Do the market conditions allow for the implementation of a sandbox? What is the  market perception of the regulation/regulator? Is there a need for a regulatory sandbox or related programs ?
 

Regulatory Capacity

Is there sufficient internal regulatory capacity to implement sandbox and/or related initiatives?

Alternatives and Complements

Are there alternative formal and informal regulatory initiatives that could serve the same purpose as the sandbox more effectively or at lower cost ?

Resources

Is there an internal, cross-functional team responsible for delivering sandbox initiative? Does this initiative have an institutional champion/executive sponsor? Does the team and sponsor have sufficient resources?

Design

Topic Questions To Be Answered Check
Eligibility

Is it clear who is eligible to participate in the sandbox and what the communication plan to those eligible is?

Governance

Is the governance structure set for the operating structure, roles and responsibilities, and key operational processes for the internal team?
 

Timing

Is it clear what the timing of the admission window is? Timing of the test itself?

Test Restrictions

Is the scope, scale and operating conduct of the test designed to minimize potential harm?

Exit

Is there a clear exit strategy? What are the individual test outcomes to be measured? What are the performance KPIs? What is the success threshold? How can the learnings of the test be incorporated into the broader regulatory agenda?

Building A Regulatory Sandbox

Sandbox Testing Plan

Testing plans typically are proposed by sandbox participants and evaluated by the sandbox team on a case-by-case basis. Testing plans should be customized to develop evidence on the regulatory questions presented by the specific innovation. As a basic rule, the regulator must feel comfortable that, once the testing is conducted as planned, the regulator will be able to decide what the next steps will be and choose an exit option. In reviewing a proposed testing plan, the regulator must confirm the plan is comprehensive and clear.

Key Criteria:

  • Define the overall timeline and budget.
  • Identify precisely what is being tested, as well as how and why.
  • Define milestones and success criteria.
  • Define risks and mitigating measures.
  • Identify staff and their responsibilities.
  • Establish rules for engaging with and reporting to the regulator throughout the testing period.

Testing Plan

Element of Testing Plan Description
Summary of innovation and test

An executive summary describing the innovation being tested and the testing plan (location, duration, number and type of customers, how will the test be conducted).

Sandbox tool required

Type of tool required to run the test (I.e. Restricted authorization)

Objectives of test

What is the test trying to prove, and what is the definition of success

Measures of success

Quantitative and qualitative metrics to measure during the test to verify if objective is met

Outstanding dependencies

Bottlenecks involving internal/external stakeholders or logistical issues that affect the implementation of the test

Key risks identified and mitigation

Risks that threaten the success of the test (i.e. theft, technological incompatibility) and potential mitigation strategies 
 

Testing Plans

A plan for testing in the sandbox setting out the timeline and key milestones

Duration

Set duration of the test (testing duration should be long enough to enable statistically relevant data to be obtained )

Number of customers

How many customers should be involved in the test

Customer type & sourcing

The types of customers to be included in the customer (if varied) and where to source them

Customer safeguards

How to minimize the fallback in case customers are faced with risks (i.e. providing access to Ombudsman services, providing compensation, providing information regarding the tests and disclosures prior to participation).
 

Customer disclosures

Firms should disclose information about the test and the available compensation to them, based on jurisdictional regulation

Exit plan

Operational procedure to notify the closure of the services at the end of the specified duration (i.e. what happens to the customer and the service when the test ends)
 

Building A Regulatory Sandbox

Sandbox Project Plan

A sample template of regulatory sandbox project plan is available in How to Build a Regulatory Sandbox : A Practical Guide for Policy Makers

Building A Regulatory Sandbox

Exit Options

Once testing is over, the final evaluation is facilitated by regular reporting delivered throughout testing and the final report prepared either by the sandbox participant itself or by an independent auditor. The final report must be delivered within a prescribed deadline and the regulator should proceed swiftly with the final decision.

Every regulator should carefully map its own regulatory framework against each of the possible outcomes to determine whether and how easy it would be to implement each. The regulator should avoid setting up a sandbox without having legal clarity on each of the potential exit options.

Legal clarity is important for potential exit options

Photo Credit: World Bank
Source: World Bank

Building A Regulatory Sandbox

Exit Criteria for Successful Test

The completed sandbox test may be deemed successful or unsuccessful. A successful test means that the test ran as planned, but it does not mean that the sandbox participant will be allowed to bring the innovation to market. That happens only when the sandbox participant wants to proceed, and the regulator considers the innovation subject to its mandate and market worthy

 DESCRIPTIONExample
LicenseThe sandbox participant can roll out the innovation in the market in compliance with regulatory requirements.All successful firms graduating from the UK FCA sandbox have been licensed under a licensing regime that was already in place.
Other Formal ApprovalThe sandbox participant can roll out the innovation in the market in compliance with regulatory requirements subject to exemptions and/or waivers granted. This also may include a mandatory partnership with a licensed financial institution.The Capital Markets Authority of Kenya uses the widely defined discretion granted in the Capital Mar- kets Authority Act to authorize temporary operations until an appropriate regulation is adopted.
Regulatory changeThe tested solution falls under the regulator’s mandate but cannot be permitted without changes in the legal and regulatory framework.The Central Bank of Brazil has created a sandbox framework that allows testing up to three years, which should provide enough time for regulatory changes should they be needed.

Building A Regulatory Sandbox

Related Resources

For more detailed information, please refer to these two documents