The Regulatory Sandbox: Time to Stop Playing and Get Serious
Countries that want to promote innovation are coming to recognise the difficulty of innovating without regulatory certainty. For the uninitiated to the concept of the Regulatory Sandbox – in simple terms – it is flexible regulatory framework in which traditional and non-traditional institutions are able to test technology driven products that may not fit traditional regulations. The originator of the ‘Sandbox’ term is the technology world which have used “Sandboxes” to test drive new technology in a limited environment, that does not put the rest of an organisation’s technology at risk.
While the Regulatory Sandbox concept has seen its greatest adoption in financial services, it is emerging in other business verticals from medical services (Medtech), agriculture (Agratech) to energy delivery (Enertech).
In my 2017 article on this subject I explored some of the challenges that regulators and lawyers face given our traditional legal training and inclination towards risk minimisation. It is a model that has served global financial institutions and regulators effectively for decades with a few exceptions, (think the Great Depression). The other important concept is that regulation should not occur too quickly. It needs to be responsive to new business needs but also respectful of the governing process that put in place the framework for industries and its society for decades. Instant dictates by heads of government bodies rarely advance business needs and thus will not be respected – even if adhered to. The concept of a Regulatory Sandbox enables oversight in a way that is oriented to 21st century speed of change in business models and the technology that enables such change.
While the Regulatory Sandbox concept has seen its greatest adoption in financial services, it is emerging in other business verticals from medical services (Medtech), agriculture (Agratech) to energy delivery (Enertech). However, the impact and appetite for new technology in financial services has been more obvious, as it touches almost every first world citizen and is exponentially finding its way into emerging economies. Not surprisingly, traditional financial institutions, because of decades of building infrastructure, cannot embrace it as quickly as new and less regulated non-financial entities can. While the internet has enabled the consumer to take advantage of long standing server and software technology – the fact is many of our core technologies have been around for over 50 years from IBM servers (1960) to ATMs (1967) but have remained for the most part out of these leads the reach of regulation. The more important and new reality and the one that is driving the Regulatory Sandbox concept is that “digital” financial services are no longer dictated or owned by traditional financial institutions. Regulators need a new way of thinking of what constitutes a “financial service”, what new risks need to be managed and how to accommodate traditional services under a new delivery model.
With a number of specific financial services technologies being actively tested since 2016, the UK and Singapore are clearly leaders in embracing the concept, but they recognise that this discussion is bigger than their usual regulatory backyard.
Globalisation Is Here!
While some 28 countries have made formal announcements to open the door to a Regulatory Sandbox, the UK and its FCA have been leaders in the regulatory sandbox movement with 89 concepts being tested since they initiated the sandbox in 2015. Singapore’s Monetary Authority has championed the “never say no approach” and has become a Regulatory Sandbox wonderchild. However, the very nature of technology connecting people and industries at a global level has invited the latest concept – namely a “Global Regulatory Sandbox”. First proposed in February 2018 by the FCA, it was formally launched in August as the Global Financial Innovation Network (GFIN). It has the commitment of entities in 10 countries – Abu Dhabi, Canada, Australia, Bahrain, USA, Dubai, UK, Guernsey, Hong Kong, Singapore and the Consultative Group to Assist the Poor (global in membership). The GFIN published a Consultation Document[1] and is soliciting comments until 14 October 2018.
With a number of specific financial services technologies being actively tested since 2016, the UK and Singapore are clearly leaders in embracing the concept, but they recognise that this discussion is bigger than their usual regulatory backyard. One of the biggest enablers of the Sandbox in these two countries was an early recognition on which regulatory body would own the initiative. The FCA and Singapore Monetary Authority have been given the lead role in their countries across a broad range of financial services. Other countries – while conceptually and very publically embracing the Regulatory Sandbox concept – have struggled to make large strides as they figure out which regulatory entity should lead the way on technologies that don’t readily fall under their existing defined authority. The US in particular with its numerous federal and state regulatory agencies has been slowed in its efforts as the likes of the Consumer Financial Protection Agency, the Securities Exchange Commission and The Federal Trade Commission debate who should take the lead. Interestingly, the recent push at the state level with a highly promoted launch of Arizona’s Regulatory Sandbox in August, prompted President Trump to recommend better coordination between state and federal regulators so that the US could be more globally competitive in the Fintech space. The embrace of the Sandbox at the US federal level has been described by numerous business leaders and state governors as moving at a “glacial pace”. Their participation in GFIN will hopefully overcome some these challenges.
The challenge for regulators is that the delivery of services by FinTechs may escape regulation set up for traditional financial institutions.
There are three requirements that regulators have identified that are driving the Sandbox concept. The questions now are: (1) who will they regulate (financial vs nonfinancial institutions), (2) what to regulate (i.e.: financial products vs data) and (3) how to regulate technologies that enable cross border transactions (think GDPR). These lead to the more philosophical question: how to achieve alignment of each countries’ values around global concepts like privacy and data ownership. This may prove to be the biggest challenge facing GFIN.
Two of the more important values at the heart of the Global Regulatory Sandbox, as it relates to financial services are:
- i) Globalisation is inevitable and can contribute to economic growth and stability around the world.
- ii) Data is a global “currency” and has to be better managed to achieve efficiency in its use and protection of the individual.
These two concepts are being increasingly researched by regulators, but the initiation of the GFIN will go a long way to supporting and achieving these ambitions.
The Role of TechFin in Driving the Regulatory Sandbox
The TechFin concept was coined by Jack Ma, Co-Founder and Co-Chariman of Alibaba. Simply put they are entities that started in the technology space (most in e-commerce) and are now stepping into financial services. TechFins are connected to their customers in ways that far exceed financial institutions customer connections. They have a sea of data that dwarfs that of banks’ and which customers readily share with them in ways that banks could only dream of. While they don’t advertise it, the likes of Amazon, Samsung, Ant Financial and Alphabet arguably know more about the banks’ customers than the banks themselves. They represent a new brand of financial institution by indirectly providing financial services “lite”, but for the most part are positioned under the label of e-commerce. They are also set up on a newer technology infrastructure and thus are proving nimbler and more cost-efficient. The challenge for regulators is that the delivery of services by FinTechs may escape regulation set up for traditional financial institutions. This is where the Regulatory Sandbox – whether Global or country oriented – can play an important role to enable technology while protecting consumers.
Cryptocurrency and distributed ledger technologies are frequent applicants across the independent Global Sandboxes.
Who Is in the Sandbox Already?
With the UK’s FCA being the first country to formally launch the Regulatory Sandbox concept in 2015 and approving its first cohort in July of 2016, it has received 279 applications for innovative products, services and delivery mechanisms over four submission rounds. The range of entrants includes established entities like HSBC, Barclays and Standard Life to blockchain and distributed ledger (DLT) start-ups. It is noteworthy that 40 percent of the last round of 29 accepted applications are using DLT. The range of proposed business solutions is equally broad in range, from capital raising platforms to RegTech solutions, to improved KYC for credit platforms. Singapore introduced Sandboxes for electricity and gas firms, while Australia introduced Sandboxes that included block-chain, energy, health and agriculture. Canada’s Sandbox accepted an ICO (initial coin offering) with accommodation around registration and prospectus requirements. Cryptocurrency and distributed ledger technologies are frequent applicants across the independent Global Sandboxes. Insurance products and money movement at the consumer level are also frequent Global Sandbox applicants. The bottom line is that the range of technologies being accommodated within the GFIN group of countries is broad and exceptionally creative compared to services offered by traditional financial institutions.
Regulators need to truly understand how technology works and be adaptive at a speed that lets its country be competitive globally.
Consultative Group to Assist Poor Countries (CGAP)
One of the more interesting entities to sign on for the GFIN initiative is CGAP. It has members from 57 countries and a mission to advance financial inclusion through practical research and active engagement with financial services providers. With most current Regulatory Sandboxes in high and middle-income countries, they do not struggle with financial inclusion. The CGAP sees technology and the Global Regulatory Sandbox as a significant opportunity to improve financial inclusion particularly in emerging markets and developing economies. These are countries that lack regulatory capacity in terms of adequate resources, staff, expertise and tools. They also have underdeveloped financial market infrastructure compared to first world countries where regulatory bodies are the standard. Regulatory Sandboxes, particularly global ones, can in their view enable innovation to benefit excluded and underserved customers. Examples of this would be the enablement of structures that support mobile money and remote customer identification through biometrics. They are also hoping to leverage and learn from the leadership provided by the GFIN participants.
Professional Responsibility and Opportunity
The Regulatory Sandbox Concept – global or local – is a wakeup call for the legal profession. Regulators need to truly understand how technology works and be adaptive at a speed that lets its country be competitive globally. That equally requires lawyers who advise on these regulations or advocate on behalf of clients to regulators to understand the technology driving the business case. This may require an investment of time outside of the traditional continuing education forums and topics that respective countries’ law societies support. The better we understand technology – the better we can work with regulators, get regulation right and enable clients to leverage the technology. More importantly we need to grasp the positive impact technology combined with optimal regulation can have on global business and quality of life.
Stephen is Toronto based lawyer admitted to the Bars of Ontario, Colorado and Wales and England who has advised on transactions across the globe. With added credentials in Anti-Money Laundering, Privacy and Cyber Security, he is a frequent and passionate speaker on the intersection of technology and regulations. He has held legal and compliance roles in the delivery of financial services for global companies that include Foresters Financial, HSBC, Apptical, Thinktum and Canada Protection Plan and more recently is providing compliance expertise in the banking and life insurance space with a focus on digital initiatives.
[1] Global Financial Innovation Consultation Document, August 2018
