How is Regulatory Sandboxing Changing the Financial Ecosystem?
Our next article in our Expert Insight section has been written by Stephen Cheeseman; with expert knowledge and vast experience in legal compliance and business leadership in the financial sector, he has provided us with interesting insights into how regulatory ‘Sandboxing’ will enhance the legal sector. With Sandboxing not being a newly coined word, Stephen also touches on how it will change the FinTech industry; as the legal sector tries its hardest to embrace technology, this is a must read article for those who are rooting for such change.
If you have not heard the term Regulatory Sandbox – get ready to hear it a lot more. No single concept will pose as much challenge towards the traditional training for legal and compliance professionals, whereby rules are meant to be followed and enforced when necessary. “Sandboxing” is a concept being promoted by countries who want to attract FinTech companies and seize opportunities to be more globally competitive in the financial services. In today’s digital planet, embracing technology is as key to delivering high quality financial services, as are the regulations that protect the national economy and its citizens. This becomes an even greater balancing act with the rapid globalisation of industry, retailing and financial markets. The greatest challenge will be harmonising regulations that support current financial services infrastructure (think legacy systems!), and yet embrace technology demands of the next generation. Two other “tech” concepts that need to be understood and will bump into the Regulatory Sandbox are “RegTech” – the use of technology for financial compliance and supervision, and “TechFins” entities, which are not financial services in nature, leveraging large amounts of data to provide financial services through technology. We will speak to these other two concepts in a different article. First, a few facts need to be on the table starting with when technology showed up in our modern financial ecosystem.
Post World War II saw a new agenda of legislation for the globalisation of banking including the Bretton Woods System (1944), resulting in the creation of the International Monetary Fund and the World Bank. This global connectivity also led to ideas about technology, including some that are still in use today: namely the first ATMs being brought into existence in London in 1967. This would be the first obvious sign of Fintech (even though it wasn’t called that) to the consumer for a few decades. Long before the internet, technology was already in play in the back offices, including: electronic stock trading in the 70s, the use of mainframe computers to track funds and support electronic record keeping systems. It wasn’t until the technologies that drove the back end of financial services became useable by the retail public, via the likes of digital investment platforms: (1982 – E-Trade), on-line retailing (1984 – TESCO) and digital banking (1998), that the customer and the regulators became truly aware of the benefits of technology in the delivery of financial services. The financial institutions had a strong sense of the servicing possibilities that technology could bring, but also understood both the cost of building out these platforms, as well as the challenges of a regulatory environment built around in-person service delivery and a paper based records interface with their customers. So how would regulators and financial services providers meet the consumer’s appetite for technology, while working within the confines of the existing regulatory framework?
Time for a Sandbox!
A Regulatory Sandbox is a platform where regulators allow FinTech solutions to be tested without having to fit exactly into an existing regulatory framework that can be prohibitive from a consumer intuitive delivery perspective and an implementation cost. A ‘Sandbox’ can reduce or remove select existing legal requirements for test purposes and even for the eventual formal adoption of the proposed technology solution. The test environments typically have limits on: the number of clients that are exposed to the test; maximum test time lines on testing; mitigating risks (minimum capital to protect customers), and testing under the regulators supervision. More importantly are the criteria that different jurisdictions use to determine who gets to “play in the sandbox” and the rules they need to abide by once they are approved. Applicant approval in most jurisdictions include criteria, such as: the benefit to consumers, risks to the overall financial system integrity, and the degree of innovation. Many jurisdictions – if it is a new entity to the financial services sector – will require registration or a licensing process so that the entity is as accountable as current registrants in that space. Registrants will generally berequired to meet minimum credit worthiness standards and approval of the company’s officers; these are credentials which have no connection to the technology proposed, but are starting points to protect potential customers. This opens the door to both start-ups, as well as established players. Prior to the project launch, and once approved as potential candidates, further parameters will include adherence to broader regulations around Customer Confidentiality and privacy, Know Your Customer, Anti Money Laundering, Countering Financing and Terrorism. These are minimum table stakes to maintain credibility on the global stage.
There are currently Sandboxes in most global regions financial hubs including Abu Dhabi, Australia, Canada, Hong Kong, Malaysia, Singapore, Switzerland and the UK. A note-worthy element is the growing number of countries that have proposed Sandbox type legislation to ensure they remain competitive with those already on board. These include Indonesia, Israel, Russia, Taiwan and the USA. (These lists are changing so fast there may well be more countries in either group that I have not mentioned by the time you finish reading this article!) The The Sandbox is in many ways aspirational – trying to find a Fintech embracing regulatory path to improve the delivery financial services. The harder part is determining the strategy and breadth of the Sandboxes which can vary significantly from country to country and depend in many ways on the countries’ regulatory infrastructure. As a primary financial services oversight regulator, the UK has the Financial Conduct Authority. This has served them well since their launch of the Sandbox in May 2016, with 55 applicants accepted to date. Jurisdictions with single or minimal regulatory ownership of the Sandboxes have shown greater accommodation to lessen regulation for the FinTech industry. For example,The Monetary Authority of Singapore (MAS) is clear in its flexibility with its website statement: “Depending on the experiment, MAS will provide the appropriate regulatory support by relaxing specific legal and regulatory requirements prescribed by MAS, which the sandbox entity will otherwise be subject to, for the duration of the sandbox”. Hong Kong has also found a way to launch and align Sandboxes managed by three different regulatory authorities across three sectors – banking, insurance and securities.
The US on the other hand, while home to Silicon Valley and a key global financial centre, has struggled to implement a Sandbox by the many layers of regulatory bodies that touch FinTech driven services. The range of federal regulators with specific, and at times, different voices on the role of Fintech include the Commodities Future Trading Commission, the Office of the Comptroller of the Currency, The US Securities and Exchange Commission, The Financial Industry Regulatory Authority and The Federal Deposit Insurance Corporation. Legislation H.R. 6118, The Financial Services Innovation Act of 2016 – well intended but currently stalled in Congress – was drafted on the theory that FinTech was a business necessity and foundational for financial services regulatory reform. The ability to put in place a Sandbox depends as much on the countries’ regulatory structure as its political appetite to accommodate FinTech opportunities.
Sandboxes have become table stakes for some jurisdictions. One obvious example is the European Commission issuing a recommendation in March 2017 for the launch of a Pan EU regulatory Sandbox. Given the leading role the UK plays in the current EU Fintech space and its pending departure, this recommendation appears to be a necessity for a smaller EU to keep up with the other global Fintech leading countries.
A final point: the country that is introducing the Sandbox needs to determine the breadth of areas it wants to open up to regulatory accommodation. Generally, these can be narrowed down to five categories: Payment Services, InsureTech, Credit Products, Investment Platforms, and Banking Tech. There are many other areas that technology can provide value to, however, these are the primary access points that FinTech has brought visible benefits to retail financial services customers. While the UK has opened its Sandbox to the full range of services, other countries like Canada have chosen to limit the Sandbox concept at this time to the purview of the Canadian Securities Administrators, the regulator of its capital markets.
The “Sandbox” idea is not new. In fact, its been around for decades as a software business concept that enables developers to test ideas before they get released to the public. The added dimension for regulators is that ‘technology advances at a speed much faster that any law could, or should be, enacted to accommodate the benefits of the technology’. The Sandbox concept is challenging not only the financial services industry, but also the legal profession in a long overdue way. We as lawyers and compliance professionals need to make it a point to understand technology beyond what serves us in our office. Instead of thinking outside the box we need to l think more creatively inside the Sandbox to help FinTech, Financial Services and the Legal profession to thrive in the digital world.
Stephen is Toronto based lawyer admitted to the Bars of Ontario, Colorado and Wales and England who has advised on transactions across the globe. With added credentials in Anti-Money Laundering, Privacy and Cyber Security, he is a frequent and passionate speaker on the intersection of technology and regulations. He has held legal and compliance roles in the delivery of financial services for international companies that include Foresters Financial, HSBC, Apptical and Canada Protection Plan and more recently is providing compliance expertise in the banking and life insurance space with a focus on digital initiatives.
