At the outset, we would like to congratulate the Securities and Exchange Board of India (SEBI) for taking this positive step towards seeking public comments on an important piece of regulation. As the representative of the information technology industry, we also thank SEBI for this opportunity to present our views and suggestions on the Discussion Paper on Framework for Regulatory Sandbox, which will encourage FinTech to act as an instrument to further develop and maintain an efficient, fair and transparent securities market ecosystem.
Based on inputs from our members and other stakeholders, we have prepared our response, which reviews the various aspects of the draft rules along with our comments and suggestions.
1. Exclusion from sandbox testing
In the draft guidelines, SEBI has provided a list of circumstances under which the solutions/products will not be permitted to be tested in the Regulatory Sandbox. This includes, testing the proposed FinTech solution in an offline test environment before applying for testing in the regulatory sandbox. Failing to meet the limited prior testing of solution should not be a reason to disqualify a participant from entering the sandbox. Most of the FinTech companies especially the start-ups do not have scope for offline testing of solutions before entering or applying for the sandbox.
Suggestion: Limited offline testing of the solution before applying for testing in the regulatory sandbox should be optional for the applicants. There should be a provision for participant firms to test their solutions virtually without entering the real market, if needed. We completely agree with the idea of promoting limited-scale testing of new products in the sandbox, however, there are situations when a test environment does not exist or is barrier in terms of entry into the sandbox. In such cases, there should be a provision for participant firms to test their solutions virtually without entering the real market.
2. Duration of the sandbox testing stage
The duration of the sandbox testing stage is proposed to be a maximum of nine months with a maximum extension (upon request) of three months. While we understand that this time period is greater than the six months’ duration considered as ‘appropriate duration for testing’ by the UK’s Financial Conduct Authority (FCA), it seems to be less in the Indian context given the geographical spread of our country, languages and different levels of access to technology and capital market instruments. Thus, this may not be a viable time frame.
Suggestion: We would like to suggest that applicants should themselves specify the expected time frame for the test and the SEBI should then decide the time frame based on the need to the company. An upper time limit of one year may be provided which should be extendable by another six months based on the merits of such request, if any, from the applicant.
3. Regulatory exemptions
There is a lack of clarity on the legal and regulatory relaxation that would be provided to FinTech companies during the sandbox period. The framework provides a list of requirements that may merit relaxation. It includes, net worth, track record, registration fees, SEBI guidelines, such as technology risk management guidelines and outsourcing guidelines, and financial soundness. While the list is “not exhaustive”, it is not clear what is intended to be covered under “specific regulatory requirements which may be considered for relaxation on case-by-case basis” by SEBI.
Suggestion: SEBI may consider regulations, which enable an effective sandbox and allow it to provide waivers from specific regulations for the sole purpose of testing. As part of the sandbox tools, it can also guide the entity on how the SEBI regulations may apply to the proposed innovation. UK, for example, provides for such tools including – limited authorisation for the purpose of testing, waiver or modification of rules and ‘no enforcement’ action letters. We suggest that SEBI should consider inclusion of these tools to make the sandbox truly useful.
4. Exit strategy
While the proposed framework suggests that the applicant may employ an exit strategy upon completion of testing, it does not outline what should be entailed in the exit strategy.
Suggestion: An acceptable exit and transition strategy should be clearly defined in the event that the
proposed financial service has to be discontinued, or can proceed to be deployed on a broader scale after exiting the sandbox. There should also be an exit plan to ensure a smooth exit from the market in case sandbox participant fails. The companies should have an exit strategy for the pilot run if it has to be terminated without success. This should be presented to SEBI.
5. Submission of information and reports
The draft guidelines says that during the testing period in the sandbox, SEBI may require the participant to submit information relating to the test. The term “information relating to the test” is ambiguous.
Suggestion: SEBI may consider providing an illustrative list of the kind of information that is needed for its regulatory goals.
6. Rights and obligations of the user
The proposed framework says that in the event the user encounters a serious issue or problem while using the solution, the user shall report the same to SEBI, immediately. We are of the view that it is better to have an option for users to send proposals / suggestions / feedback not just in case of serious issues, but for all regulatory concerns. This feedback could be useful for the regulator to take appropriate responses while formulating regulation post exit.
Severe penalty in addition to revocation of approval will be levied on those firms, which implement solutions in the sandbox that are based on Intellectual Property (IP) theft, says the draft rules. IP theft in the context of FinTech may be further detailed by SEBI as software by itself is not patentable in India. However, software can be patented if it is part of an invention that is both inventive and capable of industrial use. Software patents are one of the most contentious issues in Intellectual Property Rights.
7. Need for public consultation
In order to ensure transparency in the regulatory development process through the sandbox, we suggest that SEBI should conduct regular public consultations. While SEBI collects a lot of information as part of regulatory sandbox process, such information is not often made available publicly. SEBI should have a principled disclosure policy, especially when it comes to new regulatory innovations, as it helps all stakeholders to share their views on evolving technology. This norm is adopted in most of the countries and it would serve as an important component in terms of regulatory development process adopted by the regulatory sandbox. For example, in Australia, the Payment Systems (Regulation) Act 1998 requires the Payments System Board (PSB) to conduct public consultations in matters where it proposes the imposition or variation of an access regime or standard. In particular, the PSB is required to publish a notice summarising the purpose and possible effects of its actions, invite people to make submissions within a specified time and consider any submissions that are received.
8. Need to appoint a mentor
Even as the draft guidelines says that SEBI may issue individual guidance to the applicant according to the specific characteristics and risks associated with the proposed solution, we are of the view that ideally a mentor should be allocated to every selected company by SEBI. The move will enable these companies to better understand the regulatory framework and also get hand holding during the different stages of testing.
9. Sandbox approval process
The regulations should provide for a sandbox approval process, which is transparent and has industry participation. We suggest:
1. Application submission (format of to be published by SEBI)
2. Evaluation of the application (a panel should be formed comprising of SEBI and industry representatives. The role of the industry representatives should be to provide inputs on the nature of innovation and the potential benefits to the consumers.)
Publication of approved innovations along with reasons based on which the said innovations were selected.
1. Publication of rejected innovations along with reasons based on which the said innovations were rejected.
2. Publication of progress reports and results of the innovation testing and lessons learnt.