Feedback on the Draft Enabling Framework for Regulatory Sandbox
At the outset we would like to congratulate the Reserve Bank of India (RBI) for taking this positive step towards enabling a regulatory sandbox and seeking public comments on the proposed framework.
As the representative of the information technology industry, we also thank RBI for this opportunity to present our views and suggestions on the draft Enabling Framework for Regulatory Sandbox which will allow start-ups to test new products, services or business models with customers in a live environment, subject to certain safeguards and oversight. This will serve as an important tool of financial inclusion in the country.
Based on inputs from our members and other stakeholders, we have prepared our response which reviews the various aspects of the draft rules along with our comments and suggestions.
- Eligibility criteria
According to the draft framework, “the target applicants for entry to the regulatory sandbox are FinTech firms which meet the eligibility conditions prescribed for start-ups by the government.” Accordingly, the companies which have been incorporated or registered for over 7 years with the exception of firms in the biotechnology sector – for which the prerequisite is 10 years, and additionally have a turnover of more than Rs 25 crore in any budgetary year since their incorporation or registration, are barred. The proposed regulations exclude FinTech firms who are not start-ups as per the above definition. This would exclude innovation of a collaborative nature between incumbents and start-ups, constricting the efficient functioning of a sandbox. Many start-ups leverage current technology and expertise of incumbents and build around that – most regulatory sandboxes Australia, Canada and EU allow incumbents and in fact Hong Kong only allows established companies.
Suggestion: The scope of the regulatory sandbox should include start-ups and established firms as the objective is beyond encouraging start-ups – it is to encourage innovation with safeguards and oversight. As long as the innovation is intended for the Indian market, it should be eligible.
- Number of FinTech entities to be part of a cohort
While we understand the stand of the RBI to be selective about the FinTech entities participating in the sandbox, we do not agree with the provision in the draft guidelines which says, “the focus of the regulatory sandbox should be narrow in terms of areas of innovation, and limited in terms of intake. The regulatory sandbox shall begin the testing process with 10-12 selected entities…” After our consultation with various start-ups, we are of the view that the number of start-ups engaging should not be capped to 10-12, but to most of the eligible cases. This will allow greater flexibility while shortlisting the participants.
Suggestion: The guidelines should not specify a cap. The criteria and the selection process should determine the eligibility. If more start-ups qualify then that should be welcomed. Issues around capacity in managing the sandbox should be appropriately addressed to meet the requirements.
- Exclusion from sandbox testing
In the draft guidelines, the RBI has provided an indicative negative list of products/services/technology which may not be accepted for testing. These include, credit registry, credit information, crypto currency/crypto assets services, trading/investing/settling in crypto assets, initial coin offerings, chain marketing services and any product/services which have been banned by the regulators.
The RBI had in April 2018 prohibited banks, NBFCs and Payment System Provides in dealing with Virtual Currencies due to the various risks associated in dealing with such virtual currencies. An earlier circular issued in 2013 lists out the risks. These include hacking, loss of password, compromise of access credentials, malware attack, and lack of consumer redress, volatility / speculation, legal concerns and money laundering. Conceptually, a better understanding of the risks can be developed in a sandbox and it can help determine the appropriateness of the safeguards required. Other progressive regulators including UK, allow such innovations to participate in their regulatory sandbox. In any case, products which are prohibited in India will not be permitted in the market, however, it might still be useful to not exclude them for the purpose of sandbox as that can help the regulator develop a better understanding of the risks. The FinTech industry could also participate with an understanding that acceptance in a sandbox would not automatically qualify them for any regulatory waiver.
The regulations aim to exclude other products/ services and technologies which are not otherwise prohibited. Removal of “credit information” as an activity that can be sandboxed potentially inhibits innovation around leveraging alternative data (like utility/telecom payments) for discerning creditworthiness of customers. We are of the view that at a time when credit remains under-penetrated in our economy, this exclusion will foreclose innovation where we need it the most.
Also, the decision to keep cryptocurrencies, trading of cryptocurrencies and initial coin offerings out of the purview of the regulatory sandbox, is still not clear. Since crypto coins and tokens are an important component of the block chain technology, the draft regulations appear to exclude testing of smart contracts and other approved block chain technology under the sandbox.
Suggestion: Products and services which are otherwise not prohibited under regulations should not be excluded from the sandbox. These would include credit information, credit registry and applications of block chain/ DLT etc. Dealing in virtual currencies by banks etc. is prohibited by the RBI. However, these should be permitted in the sandbox with an understanding that participation in sandbox would not entitle them to any regulatory permission. This would be aligned to the objective of enabling innovation with adequate safeguards.
- Criteria for Selection of Participants
The draft regulatory sandbox framework mandates applicants to share the results of proof of concept /testing of use cases before getting admission into sandbox for testing. By virtue of its nature, a regulatory sandbox is supposed to provide a test bed for ideas some of which will take a lot of time to mature and further those final ideas may actually get tweaked from what the original idea was. Thus, mandating applicants to have a tested proof of concept first and a clear exit clause seems to be making too many suppositions and restricting the very process of innovation.
The draft rules additionally require a satisfactory CIBIL or equivalent credit score of the promoter(s)/director(s)/entity. The requirement for such prohibitive mandate is unclear since there is also a separate prerequisite, which says that “the conduct of the bank accounts of the entity as well its promoters/directors should be satisfactory” along with the net worth requirement of Rs 50 lakh. In the Indian setting, a considerable lot of the start-ups, particularly technology start-ups, are driven by students of different educational institutes. For a significant number of them, fulfilling the ‘CIBIL or equivalent credit score’ basis might be troublesome as they might not have ever gotten/ applied formal credit. It is also unclear what a ‘satisfactory’ credit score entails since there are no details given about how this aspect is to be judged.
Suggestion: The criteria should be around (i) significance of the proposed innovation, (ii) potential consumer benefit, and (iii) the difficulty in taking the proposed innovation to the market without the use of regulatory sandbox. In terms of readiness, the applicant should be required to submit a well-developed testing plan with clear milestones and success criteria. In terms of ‘fit and proper criteria’, the applicant should be required to demonstrate that adequate resources to participate and use the regulatory sandbox are available at the entity’s disposal and in case it requires involvement of any other entity – appropriate business contracts are in place.
- The Sandbox Process
The entire sandbox process is divided into different stages which will last for a total period of 26 weeks. While we understand that this time period is almost same as the 6 months’ duration considered as ‘appropriate duration for testing’ by the UK’s Financial Conduct Authority (FCA), it seems to be less in the Indian context given the geographical spread of our country, languages and different levels of access to technology and banking instruments. Thus, this may not be a viable time frame.
Suggestion: We would like to suggest that applicants should themselves specify the expected time frame for the test and the RBI should then decide the time frame based on the need to the company. An upper time-limit of one year may be provided which should be extendable by another six months based on the merits of such request, if any, from the applicant.
6. Risks and limitations
There is a lack of clarity on the legal relaxation that would be provided to FinTech companies during the sandbox period. The framework mentions that one of the limitations of the sandbox may be the inability of RBI to offer any legal waivers. Since regulatory relaxation appears to be a necessary condition for a sandbox experiment and it is a form of (limited) waiver, it is not clear what is intended to be covered by the expression “legal waiver”.
Suggestion: We understand that RBI cannot give regulatory waiver from a law. However, it can frame regulations which are conducive to the enablement of an effective sandbox and also give waivers from specific regulations framed by it for the sole purpose of testing. As part of the sandbox tools, it can also guide the entity on how the RBI regulations may apply to the proposed innovation. UK, for example, provides for such tools including – limited authorisation for the purpose of testing, waiver or modification of rules and ‘no enforcement’ action letters. We suggest that the RBI should consider inclusion of these tools to make the sandbox truly useful.
- Need to appoint a mentor
Even as the draft guidelines cover most of the aspects of the regulatory sandbox, we are of the view that ideally a mentor should be allocated to every selected start-up by the RBI. The move will enable these companies to better understand the regulatory framework and also get hand holding during the different stages of testing.
- Sandbox approval process
The regulations should provide for a sandbox approval process which is transparent and has industry participation. We suggest:
- Application submission (format of to be published by the RBI)
- Evaluation of the application (a panel should be formed comprising of RBI and industry representatives. The role of the industry representatives should be to provide inputs on the nature of innovation and the potential benefits to the consumers.)
- Publication of approved innovations along with reasons based on which the said innovations were selected.
- Publication of rejected innovations along with reasons based on which the said innovations were rejected.
- Publication of progress reports and results of the innovation testing and lessons learnt.
9. Need for public consultation
In order to ensure transparency in the regulatory development process through the sandbox, we suggest that RBI should conduct regular public consultations. This norm is adopted in most of the countries and it would serve as an important component in terms of regulatory development process adopted by the regulatory sandbox. For example, in Australia, the Payment Systems (Regulation) Act 1998 requires the Payments System Board (PSB)  to conduct public consultations in matters where it proposes the imposition or variation of an access regime or standard. In particular, the PSB is required to publish a notice summarising the purpose and possible effects of its actions, invite people to make submissions within a specified time and consider any submissions that are received. Moreover, the PSB is also bound by general notification obligations, which require it to publish notice, and ensure that participants in the payment system are informed of actions involving the imposition or variation of an access regime or standard.
- Set global standards
We propose that the regulatory sandbox should be envisaged as a platform which is utilized by innovators across the world. This would not only help India in adopting new technologies but also equip India to set global standards and best practices in the FinTech sector. UK’s FCA has adopted a similar model and is promoting global regulatory sandbox aimed at solving common cross-border regulatory problems, through tests.
- Virtual sandboxes
We completely agree with the idea of promoting limited-scale testing of new products in the sandbox, however, there are situations when a test environment does not exist or is barrier in terms of entry into the sandbox. In such cases, there should be a provision for participant firms to test their solutions virtually without entering the real market.
 Draft Enabling Framework for Regulatory Sandbox, April 18, 2019, See: https://rbi.org.in/scripts/PublicationReportDetails.aspx?UrlPage=&ID=920