On June 14, 2021, the Securities and Exchange Board of India (SEBI) released an updated version of the Framework for Regulatory Sandbox (RS). The major change in the policy is pertaining to the Eligibility Criteria for the RS. This has been done to enhance the reach and achieve the desired aim of the RS.
On June 5, 2020, SEBI had released the first version of this policy. Under the RS Framework, entities regulated by SEBI would be granted certain facilities and flexibilities to experiment with FinTech solutions in a live environment and on limited set of real customers for a limited time frame.
Highlights of the Revised Framework
- Introduction of Sandbox Testing Stages
Sandbox testing has been divided into two stages.
In Stage-I, SEBI will approve the limited set of users as proposed by the applicant for testing. During the stage-I testing, applicant shall use limited and identified set of users with maximum cap on users based on the requirement of the applicant duly approved by SEBI on case-to-case basis. These users will be required to provide positive consent including their understanding of the risks of using the solution.
In stage-II testing, applicant shall test with larger set of identified users with maximum cap on users based on the requirement of the applicant duly approved by SEBI on case to case basis. These users will be required to provide positive consent including their understanding of the risks of using the solution
- Revised Eligibility Criteria
Since two stages of RS testing have been introduced, SEBI has laid out separate eligibility criteria for each stage.
Stage-I Eligibility Criteria:
- SEBI Registration-The applicant should be an entity registered with SEBI under section 12 of the SEBI Act 1992. The entity may apply either on its own or in partnership with any other entity. In either scenario, the registered market participant shall be treated as the principal applicant, and shall be solely responsible for all aspects of participation in the RS.
- Genuine need to test-The applicant should have a genuine need for live testing the solution on real users. The applicant should provide justification that testing in test environment with test data is not enough.
- Genuine need for relaxation-The applicant should provide justification that the solution cannot be deployed without relaxations in certain regulations being sought.
- Compliance to the objective of the Regulatory Sandbox-The solution should be pertaining to the securities market and should be either new innovative solutions or a solution for performing existing services in better way by improving the existing processes or facilitating inclusion.
- Benefits to users-The solution should offer identifiable benefits (direct or indirect) to the users and/or to the securities market as a whole.
- Testing readiness of the solution-The applicant should have necessary resources to support testing in the sandbox and must demonstrate well developed testing plans with clear objectives, parameters and success criteria.
- Safeguards to mitigate potential risks to the financial system-The solution should have proper risk management strategy to incorporate appropriate safeguards to mitigate and control potential risks to any market participants/users that may arise from the testing of the solution and shall propose appropriate safeguards to manage the risks and contain the consequences of failure.
An applicant is eligible for Stage-II after completing minimum 90 days in the Regulatory Sandbox testing.
Stage-II Eligibility Criteria:
- Adequate Progress-The applicant should demonstrate that they have achieved adequate progress and are on track with their testing plan.
- Compliance to the objective of the Regulatory Sandbox-The applicant should provide justification that they are complying with the objective of the RS.
- Reviews of the Risks observed during Stage-I testing-The applicant should submit the details of the risks observed during stage-I testing along with the steps taken to mitigate those risks.
- Safeguards to mitigate potential risks-The applicant should provide the list of appropriate safeguards to manage the risks and contain the consequences of failure.
- Users feedback-The applicant should present summary of the feedback received from the users participated during stage-I of the Regulatory Sandbox testing highlighting the adverse feedbacks and steps taken to address the same.
- Deployment post-testing-The applicant should present the intention and ability to deploy the solution on a broader scale. To this effect the applicant should share a proposed sandbox exit strategy
- Revised Application and Approval Process
SEBI has added some new clauses to the Application and Approval Process laid out in the initial framework. The new clauses include:
- SEBI shall communicate with the applicant during the course of evaluating the sandbox application, and during the testing phase. The status of the applications shall be published on SEBI website.
- If the applicant is able and willing to meet the proposed regulatory requirements and conditions, the applicant shall be accepted in Stage-I and granted permission to develop and test the proposed Innovativesolution(s) in the sandbox.
- Upon approval, the applicant shall apply for the limited certificate of registration of that particular category of intermediary for which the applicant seeks to test the innovative solution along with a token fees of Rs 10,000.
- Once registration is allotted to the applicant, the application shall proceed towards the “Stage-I Testing Stage”. The applicant shall disclose to its users that the solution shall operate in a sandbox and the potential key risks associated with the solution. The applicant is also required to obtain the users’ positive consent that they have read and understood the risks before any transactions separately for both Stage-I and Stage-II.
- An applicant is eligible for Stage-II after completing minimum three months in the Regulatory Sandbox testing.
- If approved, applicant enters stage-II of Sandbox testing: Applicant shall be able to test on users with maximum cap on users based on the requirement of the applicant duly approved by SEBI. These users will be required to provide positive consent including their understanding of the risks of using the solution.
- The applicant must submit monthly reports as mentioned in the Section: “SUBMISSIONOF TEST RELATED INFORMATION AND REPORTS”. These monthly reports would be reviewed by SEBI. If the progress of the applicant is not satisfactory then, SEBI may revoke the approval to participate in the sandbox.
- Different Evaluation Criteria for both stages
Different evaluation criteria have been introduced for both the stages of the RS.
STAGE-I Evaluation Criteria:
- Profile of the applicant
- Genuine need to test
- Genuine need for relaxation
- Solution should be either new solution or improvement in the existing processes
- Identified benefits to the users and/or the securities/commodities markets
- Compilation of meaningful test scenarios and expected/desired outcomes
- Risk measured/graded testing conditions and parameters so as to ensure safety and protection of the markets/users
- Risk mitigation for high risk testing conditions and parameters
- Appropriate disclosure requirements and protection to their users
- Clearly defined grievance redressal mechanism and user rights
- Adequate disclosure of the potential risks to participating users
- Prior confirmation from users that they fully understand and accept the attendant risks
- Intent and feasibility to deploy the proposed innovative solution post testing
- The withdrawal strategy (in the event the tests are not successful) including for participating users
- Any other factors considered relevant by SEBI
STAGE-II Evaluation Criteria
- Applicant has achieved adequate progress in stage –I testing
- Review of the risks observed during stage –I testing
- Review of the steps taken to mitigate the risks
- Appropriate safeguards to manage the risks and contain the consequences of failure
- User feedback during stage-I testing
- Intent and feasibility to deploy the proposed Innovative solution post testing
- The deployment and monitoring strategy post testing (in the event the tests are deemed successful) or the withdrawal strategy including for participating users (in the event the tests are not successful)
- Introduced Withdrawal Strategy
The Revised Framework includes Withdrawal Strategy from RS. Such a strategy was not present in the last version of the Framework. The applicant shall provide withdrawal strategy which shall be applicable in the event the tests are not successful or applicant wants to discontinue the sandbox testing or SEBI revokes the approval to participate in the sandbox as per the” Revocation of the Approval” clause of this document.
The withdrawal strategy shall include following:
- Process of notification to the existing users regarding the termination of the sandbox testing and informing them on the necessary steps to be taken.
- Settling/ transferring etc. of the current position of the existing users within 15 days of the initiation of the withdrawal strategy, as may be applicable.
- Refund of any dues to the existing users within 15 days of the initiation of the withdrawal strategy.
Read the Revised RS Framework here.
Read the last version of RS Framework here.
