SEBI Introduces the Framework for Regulatory Sandbox

Ashish M. Shaji

31 Jul, 2020

The market regulator, Securities, and Exchange Board of India (SEBI) introduced the framework for regulatory sandbox on 5^th June 2020. Under it, the entities regulated by SEBI will be granted certain facilities and flexibilities to experiment with Fintech solutions in a live environment and on a limited set of real customers for a limited time.

Who is eligible to use the Regulatory Sandbox?

The circular issued by the SEBI allows all registered entities with SEBI under Section 12 of the SEBI Act to apply for testing in the regulatory sandbox. It further states that it may apply on its own or engage the services of a Fintech firm. Before this, SEBI allowed Fintech start-ups and entities that were not regulated by SEBI to test their proposed solutions offline.

Process of obtaining SEBI’s approval

SEBI has prescribed the applicant to go through three stages of evaluation.

• In the first stage the application is examined for eligibility on grounds such as genuineness of innovation, the genuine need for a test which means the applicant should have a genuine need for testing the solution on customers, direct benefits to users (investors or entities or capital market) and risk management strategy of the solution.
• The second stage involves an evaluation of the applicant’s solution for regulatory requirements and conditions and assessment of the applicant to meet these requirements. Further, the applicant is also required to demonstrate the intention and the ability to deploy the solution on a broad scale. The applicant is then granted approval for the next stage.
• The third stage is the testing stage, and its duration will be 12 months. This duration can be extended on request by the applicant. The SEBI circular provides the evaluation criteria for the testing stage, which is required to be done by the concerned department using a scoring process.
• Once the testing period is over, SEBI will decide whether to allow the Fintech solution to be brought in the market on a wide scale and further allow relevant registration and certifications. If not, the applicant can employ an exit strategy, or the applicant can request for an extension period for continuous testing. 

What are the regulatory exemptions?

The regulatory sandbox was set up with a view to encouraging innovation with minimal regulatory burden. Therefore SEBI has allowed certain exemptions and relaxations from certain regulatory requirements or selective exemptions depending on case to case.  

However, it may be noted that the circular states that no exemptions will be granted from the extant investor protection framework, KYC (Know Your Customer) and AML (Anti-money Laundering) rules with a view to assure market integrity and investor protection.

The entities wanting to participate in the sandbox should make an application, including the exemption or the relaxation sought from the relevant provisions of the regulatory framework applicable. The regulatory relaxations from various SEBI regulations can be provided once the sandbox testing applications are analyzed.

Submission of test-related information and reports

The SEBI may require the participants to submit information /reports during the testing period. Such information/report includes:

• Key performance indicators, milestones, and statistical information;
• Key issues arising from fraud or operational incident reports; and
• Actions or steps taken to address the issues mentioned above.

Further, the sandbox participants are required to submit a final report having the following information to SEBI within 30 days from the expiry of the testing period:

• Key outcomes, key performance indicators against agreed measures;
• A full account of all incident reports and resolution of complaints from users, if any; and
• Key learnings from the test.

Obligations on the sandbox participants

The sandbox participants must protect the users participating in the testing by ensuring that the user has read the full documentation provided by the applicant and that they have the knowledge of risks to the solution. The applicant is also required to ensure that the users participating in the sandbox have similar protection rights as with the ones participating in the live market.

Revocation of the approval by SEBI

SEBI can revoke the approval at any time before the end of the testing period on the following grounds:

• If the applicant fails to carry out risk mitigants;
• If the applicant submits any information that is false, misleading or inaccurate or if he has concealed or failed to disclose any material fact in the application;
• If the applicant contravenes any applicable law;
• If the applicant suffers a loss of reputation, undergoes or has gone into liquidation;
• Elevates the risk of cybersecurity attack;
• Does business in a manner detrimental to users;
• Fails to address any technical defect in the product, service or solution; and
• Fails to implement any directions given by SEBI.

It may be noted that further appropriate actions will be taken against the applicant if Fintech solution facilitates the following:

• Undermining of KYC principles;
• Violation of user/investor privacy;
• Promotion of fraudulent/illegal products sale;
• Promotion of mis-selling of products or services;
• Violation of anti-money laundering norms; and
• Creation of risk and theft of intellectual property.

The SEBI will give prior notice to the applicant regarding its intention to revoke the approval, and it will also give the applicant an opportunity to respond to SEBI.

 Conclusion