RBI

RBI Releases 2024 Enabling Framework for Regulatory Sandbox

Recently, the Reserve Bank of India has announced an update to its ‘Enabling Framework for Regulatory Sandbox’, which is a kind of mechanism truly designed with the intent to provide innovation in the financial sector landscape. The RBI made a significant framework based on the valuable insights from running four cohorts over a period of 4.5 years and the potential feedback duly received from the end of different stakeholders, such as FinTechs and banking partners.  

One of the significant changes in the updated framework is the extension of the timeline for the various stages of the regulatory sandbox process from 7 to 9 months. Such adjustments enable participants to have more time to develop, test and refine their innovative solutions in the sandbox ecosystem. Moreover, the updated framework now includes a necessary requirement for all the sandbox entities to ensure compliance with the provision of the Digital Personal Data Protection Act of 2023. It will ensure that data protection and privacy considerations are properly and efficiently addressed in the innovation process.

The objective of the regulatory sandbox remains unchanged and intends to foster responsible innovation in the financial services landscape by facilitating a controlled regulatory environment for testing new products, services, and business models to promote efficiency and bring tangible benefits to consumers. The ‘Enabling Framework for Regulatory Sandbox’ was first introduced on 13 August 2019, followed by extensive consultations with potential stakeholders. Since that time, the sandbox has served as an important tool to promote innovation and drive positive change in the financial landscape.

Enabling Framework for Regulatory Sandbox

Background

 The Reserve Bank of India (RBI) established an inter-regulatory working group (WG) in July 2016 to look into the affairs and report on the granular aspects of FinTech and its implications to review the regulatory framework and respond to the dynamics of the ever evolving fintech landscape. Further, the reports of the working group committee were made available for public comments on 8^th Feb 2018. One of the significant recommendations made by the WG was to prepare a suitable framework for a regulatory sandbox within a systematic manner and duration, in which the financial sector regulator will provide the necessary regulatory guidance, with an intent to enhance the efficiency, manage risks and develop new and potential opportunities for the consumers. Subsequently, a detailed regulatory framework with clear principles and the role of the proposed RS, which includes the reasons for setting up the RS and the RBI expectations.

The Regulatory Sandbox principles and objectives-

The Regulatory Sandbox

The Regulatory sandbox (RS) is supposed to be the live testing of new products and services in a controlled or test regulatory environment, for which the regulators may or may not allow certain specific regulatory relaxations over a limited purpose of the testing. The RS permits the regulator, innovators, financial service providers and potential customers to initiate field tests to gather evidence on the benefits and risks of new financial innovations while monitoring and containing their risks. This can facilitate a structured platform for the regulators to get engaged with the ecosystem and to create and develop innovation-responsible regulations that facilitate the delivery of relevant and low-cost financial products and services. RS is an important tool to facilitate evidence-based regulatory environments which learn from and evolve with emerging technologies.

Objectives

RS intends to facilitate responsible innovation in the financial services landscape, enhance efficiency and bring direct benefits to consumers. RS is supposed to be a formal regulatory programme for the market participants and allows them to test their new products, services or business models with potential consumers in a live environment, subject to specific safeguards and oversight. The proposed financial services which were to be launched under the RS may include the newly emerging innovative technology or the use of existing technology in an innovative manner with an intent to address problem solutions and provide benefits to consumers.

 Regulatory Sandbox Benefits

RS is more likely to provide several benefits to financial services and customers. Some of the important benefits are given below-

• RS facilitate learning by doing on all sides. This means that regulators will obtain first-hand evidence of the benefits and the risks of emerging technologies and their implications, which will enable them to consider the new regulatory changes that may be required to support useful innovation while containing the attendant risks. Potential financial service providers, such as banks, are required to improve their understanding of how the new financial technologies work, which will definitely help them to integrate those innovative technologies within their business plans. Innovators and FinTech entities can enhance their understanding of regulations that govern their offerings and may shape their products and services accordingly. 
• Users of an RS can easily test the product viability without having a larger and more expensive roll-out in case the product seems to have the appropriate potential to be successful. If any concerns arise during the sandbox period, then an appropriate modification can be made to the product before its launching in the market landscape.
• Fintech offers innovative solutions that can facilitate financial inclusion significantly. The RS is more likely to improve the pace of innovation and technology absorption along with financial inclusion and enhance the financial reach. RS can provide potential thrust to different areas, including microfinance, innovative small savings, remittances, mobile banking and other digital payments.
• Providing the structured and institutionalized ecosystem for evidence-based regulatory decision-making, the dependence of the regulator on industry and stakeholder consultations is correspondingly reduced.
• RS could facilitate the best possible results for consumers through an increased wide range of financial products and services, reducing costs and enhancing access to financial services.

Regulatory sandbox, risks and Limitations

• Innovators are more likely to lose certain flexibility and time in going through the sandbox process. However, running the RS in a timely manner at each step can easily mitigate the risk.
• Case-by-case bespoke authorizations and regulatory relaxations may involve time and discretional judgements. Such risk can be addressed by handling applications in a transparent manner and through well-defined principles in decision-making.
• The RBI or RS can provide any legal waivers.
• Post-sandbox testing, a successful experimenter is required to get regulatory approvals before the said products, technology, and services can be allowed for a wider application.

 Regulatory Sandbox Eligibility Criteria

  The applicant for entry to the RS, including FinTech companies such as start-ups, banks, financial institutions, any other entity, Limited Liability Partnership (LLP) and partnership firms, either partnering with or providing support to the financial services businesses, comes under the category of Sandbox. The RS intends to promote innovations for use in the Indian market in areas where-

• There is an absence of governing rules.
• There is a need to temporarily ease regulations to support the proposed innovation.
• The proposed innovation showcases the promise of easing/effecting the delivery of financial services in the most significant manner.

 Design Aspects of Regulatory Sandbox

The RBI has considered the below-mentioned design featured for RS.

Regulatory Sandbox Cohorts

RS may run a few cohorts, including an end-to-end sandbox process, with a limited number of entities in each cohort testing their products during the stipulated period. The RS shall be based on thematic cohorts that focus on financial inclusion, payments and lending, digital KYC, etc. The cohort must have a neutral theme where innovative products, services, and technologies that provide various functions in RBI’s regulatory domain could be eligible and easy to apply. The cohorts may run for different time periods but must be completed within a period of 9 months, starting from the receipt of complete and eligible applications.

On Tap Application

Just to ensure continuous innovation within the closed themes, an RS should also accept ‘On Tap’ applications. The detailed themes open for the ‘On Tap’ application must be communicated through the Reserve Bank of India website. All the terms and conditions to participate in the ‘On Tap’ facility must be in the same manner as they are applicable under the RS.

Product/Services/Technology under RS

A specific list of innovative products/services/technology which can be considered for testing under RS-

Innovative Products/Services

• Retail Payments
• Money transfer services
• Marketplace lending
• Digital KYC and Digital Identification Services
• Financial Advisory and Wealth Management Services
• Smart Contracts
• Financial Inclusion Products
• Cyber Security Products
• Reg Tech and SupTech

Innovative Technology

• Mobile technology applications (payments, digital identity, etc.)
• Data Analytics
• Applications under blockchain technologies
• Artificial Intelligence and Machine Learning Applications

Regulatory Requirements/Relaxations for Applicant

The RBI may consider relaxation if warranted, as well as some of the regulatory requirements for applicants for the duration of the RS on a case-to-case basis. Here are a few examples where regulatory relaxation can be granted accordingly-

• Liquidity requirements.
• Board Composition.
• Management experience
• Financial soundness
• Track record
• Statutory Restrictions.

Moreover, the requirements are necessary to be followed and complied with by the applicant prescribed below-

• Customer privacy and data protection
• Secure storage of and access to payment data of stakeholders
• Local Data storage
• Security of transactions
• KYC/AML/CFT requirements
• Statutory requirements

Exclusion from Sandbox Testing

The entities will not be suitable for the RS in case their proposed financial services are of a similar nature to those services already being offered in India until the applicant is not able to showcase the usage of new innovative technology or the existing technology is being applied in a more effective and efficient pattern. A negative list of products which will not be accepted for the RS testing is given below-

• Credit registry
• Credit information
• Cryptocurrency/Crypto assets services
• Trading/investing/settling in crypto assets
• Initial Coin Offerings, etc.
• Chain marketing services
• Any product/services which have been banned by the regulators/Government

of India

Fit and Proper Criteria for the Selection of Participants in RS

It is mandatory for each and every applicant to comply with the following listed terms and conditions-

1. It must be a company incorporated or registered in India, a bank licensed to operate in India, or a Limited Liability Partnership (LLP) or partnership firm duly registered in India. Previously registered financial institutions under the statute of India will also be eligible.
2. It is necessary for the entity to have a minimum net worth of INR 10 lakhs, as per its updated balance sheet.
3. The entity whose application is rejected can apply again with the same product after the successful completion of a cooling period of 6 months.
4. It is necessary for all the promoters, directors and partners to be fit and proper in accordance with the specified criteria mentioned in Annex-1. A letter of declaration and undertaking is necessarily required to be furnished as per the format of Annexe II.
5. The conduct of the bank accounts of the applicant entity and its promoters and directors must be satisfactory.
6. Their credit history must be satisfactory.
7. The entity must showcase that the products or services are technically fit and proper for deployment purposes in a large market landscape. However, the RBI will not provide any tests and data for testing of their products or services.
8. It is mandatory for entities to engage with the in-principle agreement in case any of their various stakeholders at the time of applying for the RS.
9. Entities are required to showcase that they comply with the existing rules and regulations and the specific laws on consumer data protection and privacy.
10. It is necessary for the entities to have an adequate platform in IT systems so that they can easily ensure and safeguard against the unauthorized access, alteration, destruction, disclosure or dissemination of records and databases.
11. The entity must be required to implement a robust IT infrastructure in the system along with managerial resources. The IT systems are used for end-to-end sandbox processing and provide end-to-end integrity of information processing.

Extending or Exiting the RS

1. During the end of the RS period, the regulatory relaxations provided to the entities will expire, and the sandbox entity must exit the RS. During the phase, if a sandbox entity needs an extension of the sandbox period, it is mandatory to apply to the RBI at least one month prior to the expiry of the sandbox period, along with a valid reason. The RBI may make an informed decision either to allow or give a decision on the basis of the case-by-case stage of testing and declare the result accordingly. 
2. RBI can discontinue the RS testing at any time, if-
3. The sandbox entity does not secure its intended objective, depending upon the latest test results, expected outcomes and the mutually agreed schedule.
4. In case the entity is not able to comply with the existing rules and other requisite terms and conditions duly specified at any stage of sandbox processing.
5. In case the sandbox entity has not acted properly in the interest of consumers due to negligence or process malice practice.
6. In case the sandbox entity has provided false, misleading, or untrue information during the application for the RS.
7. If the entity fails to ensure data security, fails to address the technical defects, fails to develop or implement any safeguard, or undergoes liquidation or has its regulatory license cancelled,
8. If the sandbox entity is not capable of starting the testing or getting into the requisite partnerships.

• The sandbox entity can also exit from the RS testing, requesting RBI one month prior to such testing.
• It is mandatory for the sandbox entity to ensure prior existing obligation to its customers of the financial services under experimentation while exiting the RS or discontinuing with the RS.

Boundary Conditions

At the time of engaging in a production environment, the RS must have its own established space and well-defined durations for the purpose of launching the proposed financial services, within which the consequences of failure can be contained. Proper boundary conditions must be specified for the RS to be meaningfully executed while sufficiently protecting the interest of consumers. Such boundary conditions for the RS will include-

• Start and end date of the testing period
• Target customer/merchant type
• Limit the number of customers or merchants engaged
• Transaction ceilings or cash holding limits.
• Cap on customer losses

Consumer Protection

• It is mandatory for the sandbox entity to ensure the existing obligations to the customers of the financial services under experimentation are duly fulfilled or addressed appropriately while exiting or discontinuing with the RS. It should be noted that entering the RS does not constitute limiting the responsibility of the entity towards its customers.
• The entities who are involved in the RS must stay at the forefront and transparently inform the test customers of potential risks and the amount of compensation and must receive their customers’ explicit consent. It is also mandatory to have a proper arrangement for the potential customer to revoke their consent from testing.
• Sandbox entities must have proper liability insurance to safeguard their customer’ interests. Such coverage must be customized as per the product, services, and technology being used for testing and needs to consider several factors, including maximum exposure per customer, the potential for multiple claims, expected claims during the policy tenure, and the option to roll out insurance coverage. It is mandatory to endorse the insurance at the time of the testing stage and continue for the period of 3 months after the sandbox entity exits.

Regulatory sandbox process and its stages

A comprehensive and detailed end-to-end sandbox process, which includes the testing of products and innovation by Fintech entities, will be governed by the RBI FinTech Department (FTD) under the guidance of the Inter-Departmental Group (IDG) with the participation of different regulatory departments of RBI with other field experts.

Sandbox Process: Stages and Timelines

All cohorts of the RS will have the below-mentioned 5 stages and timeline-

Preliminary Screening

The FTD will evaluate the applications to shortlist candidates who meet the eligibility criteria and RS objectives. The entire process takes a period of 1 month after the submission of the application, along with the other information required by FTD for screening and due diligence purposes. It is necessary to know that the above-said FTD evaluation period goes beyond the overall 9-month RS cohort timeline.

Application Assessment and Shortlisting

The FTD assess applications for innovation, technology and security. All the requested regulatory relaxations are reviewed case by case with the concerned regulatory department. Shortlisted entities may further showcase their offerings to the IDG to consider. The entire phase takes a span of 6 weeks. 

Formulation of Test Design and Integration Phase

The FTD will work closely with the applicant, refine the test design, and establish metrics to evaluate the benefits and risks accordingly. It is mandatory for shortlisted entities to be aligned with their partners and to prepare for the testing of their products, services, and technology. This period takes 1.5 months to complete the entire process. 

Testing Phase

This phase can take up to 5 months, and during that period, entities will provide test results every 2 weeks. The FTD will monitor and assess these results very closely.

Evaluation Phase

FTD will evaluate test outcome reports through both quantitative and qualitative approaches to determine the viability and acceptance of the products and services within the regulatory sandbox landscape. RBI provide the final confirmation of products and services technology depending upon the testing outcomes. The phase takes 1 month from the submission of test results, along with the other required information requested by FTD. FTD have the flexibility to decide on the timelines for each stage with proper and close monitoring of the timeline so that RS objectives can be secured in a timely manner.

Transparency and Disclosure

It is mandatory for RS to outreach information to the stakeholders in a clear and proper manner. Further, the RBI comminute the entire sandbox process, which includes the launch, theme of the cohort, and applicants selected for RS testing of different products, services and technology, which must be accepted under the RS through its official website.

The RBI reserves the right to publish the information about the RS applicant on its official website to facilitate the purpose of knowledge sharing and collaboration with international regulatory agencies without disclosing any proprietary, intellectual property rights-related information.

Conclusion

In conclusion, the Reserve Bank of India (RBI) has updated its ‘Enabling Framework for Regulatory Sandbox’ to foster responsible innovation in the financial sector, extending the sandbox process timeline and emphasizing compliance with the Digital Personal Data Protection Act, 2003. Through this framework, the RBI aims to provide a controlled environment for testing new financial products and services, ultimately promoting efficiency and benefiting consumers. This update reflects the RBI’s commitment to adapting regulatory practices to the evolving fintech landscape while ensuring consumer protection and fostering innovation.