Regulatory Sandbox (RS) is a live or virtual testing of new products or services, in a (controlled) testing environment with or without any ‘regulatory relief’. The regulator provides the appropriate regulatory support by relaxing specific legal and regulatory requirements, which the sandbox entity will otherwise be subject to for the duration of the sandbox.

The concept of RS was formulated on the understanding that in order to encourage more innovation a well-defined space and duration should be provided by the regulators with requisite regulatory support, so as to increase efficiency, manage risks better and create new opportunities for consumers.

FinTech, globally, presents a need for a paradigm shift in terms of the regulatory models in place which traditionally focussed on product-based policy, adequate capitalisation, ownership controls and silo-centric regulations. The term ‘regulatory sandbox’ was coined by the Financial Conduct Authority in 2015 in the United Kingdom. Other jurisdictions such as Malaysia, Singapore and Australia have also successfully set up RS programmes which give a much-needed fillip to innovation in the face of regulatory uncertainty. The RS in India, first, suggested by the Inter Regulatory-Working Group of Fintech and Digital Banking (“WG”) of the RBI in 2016 has become a reality in a rapid set of steps culminating in a draft report released in April 2019, which was finalised after extensive stakeholder and public consultation. On the heels are similar RS’ proposed by other financial services regulators such as IRDA (Insurance) and the SEBI (Securities Markets).

I. Looking forward: RBI and the Fintech space

In a significant impetus to the Fintech space in India the Reserve Bank of India (the “RBI”) – the principal Indian regulator for banking and non-banking financial services – has moved swiftly and notified the final ‘Enabling Framework for Regulatory Sandbox’ on August 13, 2019 (“Enabling Framework”).

The Enabling Framework envisages an accelerator or incubator style programme involving multiple cohorts in a year which will be allowed to test and market their services in a controlled environment. The RS is expected to be based on thematic cohorts focussing on financial inclusion, payments and lending, digital KYC, etc.

We have highlighted below the key aspects of the Enabling Framework of the RBI.

(i) The Eligibility Criteria

Target applicants, as declared by the Enabling Framework, are FinTech companies, including start-ups, banks, financial institutions and other companies partnering with or providing support to financial services businesses.

The eligibility criteria for RS entities is provided as a list of ‘fit and proper criteria’ which amongst other items includes the entity to be incorporated in India with a minimum net worth of INR 25 lakh, the promoter or director should be a fit and proper person as per the criteria enumerated in the Enabling Framework.

The Fit and Proper Criteria has been underscored as a necessary condition, especially if the applications to the RS are large in number and the final selection will be based upon the novelty of the innovation and the potential benefit which the product or service brings to the consumers/industry.

(ii) Proposed Timeline

RBI has proposed that the cohorts should ordinarily be completed within 6 months and in this regard the Enabling Framework envisages the following detailed end-to-end sandbox process and stages:

  • Preliminary Screening – (four (4) weeks from the closure of the application window).
  • Test Design (four (4) weeks) – An iterative engagement to identify outcome metrics for evaluating evidence of benefits and risks.
  • Application Assessment – (three (3) weeks). The FTU shall vet the test design and propose regulatory modifications, if any.
  • Testing – (maximum of twelve (12) weeks).
  • Evaluation – (four (4) weeks).
(iii) Positive and Negative List of Products / Services

The Enabling Framework also gives a cue in the form of an indicative list of Industry Verticals it is considering, namely:

  • Retail payments
  • Money transfer services
  • Marketplace lending
  • Digital KYC
  • Financial advisory services
  • Wealth management
  • Digital identification services
  • Smart contracts
  • Financial inclusion products
  • Cybersecurity products
  • Mobile technology applications (payments, digital identity, etc.)
  • Data Analytics
  • Application Program Interface (APIs) services
  • Applications under blockchain technologies
  • Artificial Intelligence and Machine Learning applications

The RBI has also declared an indicative negative list of Industry Verticals which will not be considered for the RS:

  • Credit registry
  • Credit information
  • Cryptocurrency/Crypto assets services Trading/investing/settling in crypto assets, Initial Coin Offerings, etc.
  • Chain marketing services
  • Any product/services which have been banned by the regulators/Government of India.
(iv) Regulatory Relaxations and Waiver

The RBI may relax specific regulatory requirements for applicants for the duration of the RS on a case-to-case basis. The enabling Framework provides the following examples of regulatory relaxation(s):

  • Liquidity requirements
  • Board composition
  • Management experience
  • Financial soundness
  • Track record

The RBI has indicated that the relaxations will be granted in a bespoke manner on a case-to-case basis. However, it has indicated that the following aspects will require full compliance as per applicable law and be treated as a sine qua non for the RS, namely:

  • Customer privacy and data protection
  • Secure storage of, and access to payment data of stakeholders
  • Security of transactions
  • KYC/AML/CFT requirements
  • Any applicable statutory restrictions

The Enabling Framework clarifies that participation in the RS does not operate as a legal waiver and neither can the RS or RBI provide any such waivers.

(v) Regulatory Point of Contact

The RS process will be overseen by the Fintech Unit (“FTU”) under the guidance of the Inter Departmental Group (“IDG”). The RBI will communicate the entire sandbox process including its launch, theme of the cohort, successful applicants selected for RS, entry and exit criteria and products/services found viable and acceptable under the RS through its official website.

(vi) Consumer Protection & Liability Insurance

The RS entities will be required to take adequate liability/indemnity insurance. The policy cover is required to be in place before the start of the ‘testing’ stage and extend up to three (3) months after its exit from the RS.

II. SEBI and The Innovation Sandbox

The regulator of the capital markets, the Securities and Exchange Board of India (“SEBI”), released a circular on the 20th of May 2019, consisting of the framework for the innovation sandbox. This framework was developed considering the need of innovation in the commodities and securities market and ensuring that the Fintech companies play its role in embracing this innovation. This will create a controlled environment which will in turn allow offline testing of innovations.

The basic idea behind this is to allow companies to test their innovations subject to certain regulations, before introducing them in the live environment. The circular issued by SEBI lays down the broad framework with respect to;

  • The design components;
  • The legal components;
  • The administrative components and
  • The interface for innovation sandbox.

Even though this is a very welcome move by SEBI and is expected to lead to the betterment of the Indian economy, there have been quite a few critics and its success is highly dependent on its implementation.

III. IRDAI’S Framework for Regulatory Sandbox

While the RBI’s framework encompasses innovation in the Banking sector and SEBI’s framework covers fintech companies, IRDAI aims at promoting innovation in the insurance sector. The notification, which is effective from July 26, 2019, has been divided into three chapters. The first states the objectives and the definitions, the second states the procedure for seeking permission for promoting innovation in the insurance sector in India, and the third looks at the powers of the authority. The IRDAI has also issued guidelines which stipulate that it is the duty of the applicant to ensure the complete confidentiality and security of the personal information of the customer, as collected by the applicant.

Though the regulatory sandbox in the insurance sector could lead to an effective aftermath scenario, there is a possibility that the innovators may lose time and flexibility in going through this process.


A RS can be a valuable tool and a safe space for regulators to facilitate a testing process for applicants whereby useful empirical data can be collated to track innovation in the fintech industry. However, it should be kept in mind that a RS in India needs to be customized to the specific realities of the Indian political, economic and financial systems in India. For example, there could be many products, whose business models are regulated by different regulators. None of the frameworks in India presently contemplate engagement between regulators which would greatly assist in furthering innovation across sectors. It would be a step in the right direction to further increased communications and discussions between regulators, consumers, applicants, and other stakeholders. The key to a successful RS is a well-thought out implementation process which is aided and monitored by a regulator who collaborates with several stakeholders to build a more inclusive fintech ecosystem.

This material and the information contained herein prepared by Algo Legal is intended to provide general information on a subject or subjects and is not an exhaustive treatment of such subject(s). Algo Legal is not, by means of this material, rendering professional advice or services. The information is not intended to be relied upon as the sole basis for any decision. Algo Legal shall not be responsible for any loss whatsoever sustained by any person who relies on this material.