SEBI Sandbox Regulations Framework: Testing the arms before battle?

Abhishek Iyer comments on the SEBI's Sandbox Regulatory Framework.

  • Abhishek Iyer

Introduction and Background

Financial Technology [Hereinafter ‘FinTech’] is gripping the world with its sheer offerings of efficiency, transparency, and fairness. India has risen to this global demand, acknowledging the increasing need to adopt and use FinTech for the beneficial overhaul of the securities market ecosystem. The Securities and Exchange Board of India [Hereinafter ‘SEBI’], through the “Framework for Regulatory Sandbox and Guidelines” [Hereinafter ‘Regulatory Sandbox’], finally acknowledges the market innovations and emerging technological convenience that can change the existing capital markets regime. On 5th June, 2020, SEBI issued[1] guidelines in furtherance of the Regulatory Sandbox (Amendment) Regulations, 2020[2], which now enable SEBI registered entities to test their latest innovations and technological solutions in a live environment which is real and limited to a defined set of customers.

The Regulatory Sandbox is not a new phenomenon globally, with the United Kingdom adopting it back in 2016[3] through the United Kingdom Financial Conduct Authority (FCA)’s Regulatory Sandbox. The United States, on the other hand, set up a Regulatory Sandbox-like framework in 2019 through the U.S. Consumer Financial Protection Bureau[4] (CFPB). Therefore, despite the arguable difficulties in enforcement of FinTech products in the capital markets owing to certain policy imbalance, the same is definitely a tested method worldwide, though not very widely encouraged. The Regulatory Sandbox is a step further to analyse and float a testing ground for new business models and technologies that can benefit investors, markets and the larger economic perspective. In August, 2019, the Reserve Bank of India[5] came out with the Regulatory Sandbox guidelines, which were later followed by the Insurance Regulatory and Development Authority[6].

This paper intends to analyse the very concept of the Regulatory Sandbox in the securities market scenario, its background and the intricacies involved therein, along with an analysis of the latest guidelines issued by SEBI, which intend to cater to the FinTech industry in a manner like never before.

The Regulatory Sandbox in all aspects promotes ‘learning by doing’, whereby first-hand experience is given to innovators and regulators to reasonably embark upon the benefits and risks that emerging technologies pose and their implications for the capital markets. The Sandbox is most certainly seen as a source of strong empirical evidence that regulators (in the present scenario, SEBI) can obtain in order to satisfactorily support useful innovations and attend to the risk factor with caution.


SEBI constituted a ‘Committee on Financial and Regulatory Technologies (CFRT)’ under the leadership of Shri T.V. Mohandas Pai[7] to deliberate and examine key FinTech developments, opportunities & challenges, and also examine a Regulatory Sandbox framework that could possibly facilitate smooth adoption of modern day FinTech solutions in the Indian securities market. The CFRT recommendations were seen as a stepping stone into this arena which was aimed at enabling innovations to enter the securities market so as to benefit and overhaul the existing mechanism.

In May, 2019, based on the recommendations received, SEBI issued guidelines for an ‘Innovation Sandbox’[8], a setup similar to the updated Regulatory Sandbox in providing a controlled environment to test products; the main difference was that it was offline and included FinTech firms and entities not registered and regulated by SEBI. The Innovation Sandbox allowed these entities to create an environment for offline testing of their proposed FinTech solutions in isolation from the live market, pursuant to satisfactory fulfilment of eligibility criteria based on market data made available by the Stock Exchanges, Share Transfer Agents or Depositories.

Later, in a bid to move towards the Regulatory Sandbox framework, SEBI floated a discussion paper[9] on “Framework for Regulatory Sandbox” to analyse the viability of a Regulatory Sandbox in the Indian securities market context. Regulatory Sandbox is seen as a successor to the offline method of Sandbox which is also known as the Innovation Sandbox. SEBI was wary of the possible regulatory oversight that could happen which may cause damage to investors and probably the entire market. While envisaging a free flowing, error free and seamless platform to test technologies, the Regulatory Sandbox is being deployed with sufficient safeguards and risk mitigation mechanisms. And now, the Regulatory Sandbox was made official through the June, 2020 circular.

Regulatory Sandbox Framework, 2020

This framework is leading by example as to how customer and investor centric developments can be done while testing technology intensive business models that can truly upscale the securities market.

Applicability and Exemptions:

SEBI has made it clear that every entity registered as market participants and intermediaries under Section 12 of the SEBI Act, 1992[10] can be a participant eligible for testing within the Regulatory Sandbox. The registered entity can participate on its own or alternatively use services offered by FinTech firms. Currently, there are no relaxations with respect to the eligibility criteria, but it was recommended that FinTech start-ups and firms who are otherwise not regulated by SEBI should be allowed to participate in the Regulatory Sandbox.

SEBI firmly believes in investor protection and maintaining market integrity. While there are exemptions that SEBI may give depending on specific applications made to the regulator, SEBI has categorically decided that no exemptions would be granted to any participating entity from the Anti-Money Laundering rules and existing Know Your Customer (KYC) norms. It is rather fair to keep these two aspects away since they are core to any model of business that aims at being transparent and user friendly.

Exemptions, if any, will be taken on a case-by-case basis, whereby every applicant willing to obtain the services of the Regulatory Sandbox must seek exemptions individually. However, as mentioned above, SEBI is adamant about fostering the basic intrinsic principle of investor safety and transparency and hence, exemptions relating to Risk checks, Customer’s money & assets, confidentiality of information, etc. will not be compromised. SEBI is also open to giving certain procedural exemptions, which include relaxation, on merit, of the laid-down criteria of Net worth, Track Record, Registration fees and Financial soundness. These aspects that are procedurally important may be relaxed and their ceiling can be brought down by SEBI suitably on an individual basis.

IP protection and indemnity: A miss?

Risk mitigation and consumer protection should definitely be the top priority when it comes to implementation of any new experiments. I do firmly agree with the fact that no changes should be adverse to market conditions in a manner that affects the investors. Further, there is no direct deliberation on protection of the Intellectual Property of FinTech firms. A practical approach towards implementation of the Regulatory Sandbox warrants a framework that will ensure confidentiality of the IP being used, irrespective of it being owned/operated by the entity or a service extended by external FinTech firms. Another gap here is the absence of a mandate to consider appropriate liability or indemnity insurance to safeguard user interest. Assuming a customer agrees to participate in the Sandbox while a FinTech solution is being tested, there has to be a redressal mechanism which will reassure the customer that his participation is safely guarded. Reiterating SEBI’s principle of upholding investor interests more than anything else, this indemnity clause should be considered by the registered entity before entering the Sandbox for any kind of tests. Thus, it is argued that the absence of these two clauses is a clear miss both from the entity and the investor/customer interest point of view.

Eligibility criteria:

SEBI has divided the eligibility into 7 factors. The evaluation of applications is weighed entirely upon the ability of the registered entity to portray the below-mentioned aspects to its most optimum advantage. Every application is referred to a department which then takes care of the evaluation and judges the suitability of a FinTech innovation to enter the Regulatory Sandbox on the basis of the following criteria:

1. Genuineness of innovation

“The FinTech innovation sought to be tested in the Regulatory Sandbox must add significant value to the existing offerings in the market.”[11] It is important to note that the genuineness aspect has been left wide and very open, which can give broad room for interpretation on a case-by-case basis. The flow chart of how an application proceeds when applied for entry into the Regulatory Sandbox makes it very clear that the department in charge of evaluating these applications has been given discretion.

2. Genuine need to test

This criterion is similar to the first one in terms of evaluation and acceptance of a request. The entity seeking to enter the Regulatory Sandbox should justify its need to test its FinTech developments and must answer why it has to be done on real customers.

3. Limited prior testing

Limited offline testing is encouraged by SEBI; it can be done through the Innovation Sandbox, which was seen as a predecessor of the Regulatory Sandbox. Having a strong background of offline testing will certainly add to the need for a test under the Regulatory Sandbox conditions.

4. Direct benefits to users

FinTech innovations are ultimately seen as a tool to simplify the securities market and change the way the markets used to work. SEBI focuses on adding value to the investors or the capital markets at large and hence, only entities that are able to prove identifiable benefits to the investors through their FinTech solutions will be promoted.

5. No risks to the financial system

Risk mitigation and a safeguard mechanism for a consequential failure are of immense importance. The evaluation of every application for live testing through the Regulatory Sandbox is a testament to the risk control or risk mitigation plan that an entity has put in place. After all, investor interests and the overall wellbeing of the market are of prime importance and no risks can be allowed.

6. Testing readiness of the solution

A well-defined operating procedure must be put in place by the entity in order to apprise SEBI of its clear objectives, parameters, etc. involved as part of live testing in the Regulatory Sandbox.

7. Deployment post-testing

This is the last part of the application that signifies a structured plan and strategy put in place by the entity willing to enter the Sandbox. In simpler terms, the deployment part is essentially the exit strategy and the ability of the entity to deploy the proposed FinTech solution on a larger scale once the real-life testing finishes within the Regulatory Sandbox.

Reports and information from the Testing Period

The duration of Regulatory Sandbox testing was about six months initially, when the Discussion Paper was floated, but now, after NASSCOM inputs on the paper, the allowed duration for testing in the Regulatory Sandbox has been capped at a maximum of 12 months, which may be extended on an individual basis for another brief period depending on the requests made.

SEBI mandates all entities that have tested in the Regulatory Sandbox to submit an elaborate report which will have an exhaustive record of all important statistics relating to the performance of the FinTech tool, challenges faced, findings of the test, performance indicators or milestones, etc. This report has to be submitted within 30 days from the date of expiry of the testing phase allotted by SEBI to every such entity.

The exit plan of a FinTech innovation after the successful completion of the test period in the Sandbox is extremely crucial. Once the above-mentioned reports are submitted and the timeline is adhered to, SEBI will determine the future of such FinTech innovation, which falls broadly into three possible outcomes[12]:

  1. SEBI shall decide on permitting such FinTech innovation to be introduced on a wider scale in real market and the benefits be extended to the entire industry, subject to SEBI’s regulatory and procedural approvals. OR;
  2. The entity may employ its exit strategy. OR;
  3. The entity testing may seek extension and continue testing.

SEBI’s powers to revoke an approval any time before the end of the testing period:

As reiterated several times in this paper, time and again SEBI has kept it straightforward when it comes to maintaining market integrity and protecting investor money. SEBI has reserved rights to revoke any approval given to an entity for Regulatory Sandbox testing. Largely, on the following instances or grounds, SEBI can recall the powers given to an entity for conducting tests[13]:

  • When there is a failure to carry out Risk mitigation.
  • Submission of false, incorrect, or inaccurate information and reports in the application.
  • If the entity has deliberately concealed or failed to disclose key information to SEBI.
  • Failure to comply with directions of SEBI or flouting of its regulations.
  • If the entity itself suffered reputation loss.
  • If the process adopted by the entity during the course of live testing in the Regulatory Sandbox is seen to be contravening the applicable laws in India.
  • Violation of User privacy, flouting of KYC norms.
  • Risking financial stability.
  • Theft of IP.
  • Promoting mis-selling products.

Thus, these are some grounds when SEBI can revoke or recall any application which was originally granted to a market entity registered with SEBI.

Benefits of Regulatory Sandbox

FinTech innovations are acknowledged by SEBI, which goes a long way in showing the intentions of the regulator. A landmark move like that of introducing innovations to the securities market requires good backing of data and tangible grounds to believe that it will not backfire.

The following are some benefits that arise out of the introduction and the successful use of Regulatory Sandbox both from the regulator and the testing entity’s point of view:

  • SEBI gets an opportunity to understand the working of innovations and frame policies that cater to best market practices once the innovations are made available at large.
  • SEBI gets to do a comprehensive cost analysis to deploy investor centric solutions in the capital market.
  • SEBI can have multiple options of FinTech innovations and study their performance before the best and most beneficial ones are introduced in the large scale market itself.
  • The testing entity gets first-hand experience of analysing the performance of its FinTech innovation and can better understand customer needs because it caters to real customers, although in a restricted scenario.
  • Businesses run on feedback, and FinTech innovations too can be improved manifold thanks to feedback that can be taken from real time users and the market regulator SEBI itself, once the successful testing of innovation in the Sandbox culminates.
  • SEBI can calculate risks and develop sufficient countering mechanisms to ensure that when the original market is facilitated by the innovations, there is little to no damage.
  • The innovators, i.e. the entities wanting to test in the Regulatory Sandbox, also see this as a potential opportunity to try, test, and analyse their product, which will immensely help them in their long term goal of providing world class FinTech market innovations that are investor centric, market beneficial, and that do not have any major shortcomings.

Limitations of Regulatory Sandbox:

On the face of it, there do not seem to be many limitations apart from the following few, which are apparent:

  • The exemptions or the relaxation of regulations seem very wide and have been left to the discretion of the department that is evaluating. A very certain limitation for the applicant entity is the unclear directions of SEBI by not providing an exhaustive list.
  • SEBI can be a bit more accommodative in terms of clarifying its regulatory goals so that the applicant entity is aware of what it has to do so as to justify the regulatory compliance expectations of SEBI towards the smooth implementation of Sandbox.
  • Registered entities who are opting for the Regulatory Sandbox may have the limitation of bearing certain costs to conduct the live testing without any guarantee of the FinTech innovation being actually approved. So, the return on investment for an entity is uncertain.
  • There are no defined parameters or exact basis on which the exemptions or relaxations are being granted by SEBI. All the directives seem very wide and open ended.
  • The exit plan could have been streamlined well in the sense that SEBI could have left the adoption of a FinTech innovation open on the basis of its market response. SEBI’s final call and intervention in that aspect is far reaching. If the market responds well and the viability is beneficial for the investors and the market, ideally there shouldn’t be any other aspect that should hinder such FinTech innovations from being served to people at large.
  • SEBI has stated that certain exemptions and relaxations in terms of the procedural compliance will be given to entities for the testing phase during the Regulatory Sandbox. This is a limitation for the entity because there is no certainty that the same exemptions will be granted in the actual scenario if their FinTech innovation is decided to be introduced in the Securities market.
  • Lastly, due to the uncertainty of whether the innovation will be accepted or rejected by SEBI, every entity will have a cautious approach and will be mindful about the consequences of the time, effort, and resources that it plugged in while in the Regulatory Sandbox testing phase. Hence, if there is no clear and transparent formula laid down by SEBI to allow these innovations to hit the actual market, the testing entities will always be mindful of the cost/effort benefit analysis that might not go their way after the test reports are submitted.


SEBI is testing the gun before it reaches the battlefield. In other words, before any FinTech innovations hit the market, this is a wonderful and very practical checkpoint that entities would love to embark upon in order to understand and yield the desired fruit for their innovations. Since SEBI is the only regulator of everything related to capital markets in India, it would surely want to play safe and vigilant. The Regulatory Sandbox acts as a wonderful tool that provides empirical data having evidentiary value that highlights the performance of modern day FinTech innovations. At a pilot stage, you don’t expect the mechanisms to be alive and kicking, which is precisely why, through these real-life-like testing conditions with live customers, SEBI is inviting big players who believe their FinTech innovations have the potential of disrupting the way capital markets worked in India.

The Regulatory Sandbox is a tried and tested mechanism around the world, with perhaps its introduction going back to 2016 in the United Kingdom. After that, countries like Canada and the United States have followed a similar path to introduce a controlled environment which is real-life-like but not open to the scale that the market intends to cater to. The Regulatory Sandbox is a big plus in the Indian context, and that can be noted by the RBI and IRDAI’s similar trajectory towards introducing it. FinTech as a concept is new in India, and the market potential can be best utilised when there are real life opportunities given to entities. I personally feel the Regulatory Sandbox is a brilliant mechanism with very limited and extremely calculated risk. As stated earlier, this method of testing innovations that intend to benefit people at large in their trade in the Indian securities market allows innovators to ‘learn by doing’. Performing real life tasks and getting real time feedback and performance reports is a definite boost for the end product that the innovators are trying to optimize.

The long list of benefits that accrue from the Regulatory Sandbox and its whole framework is a definite plus for both SEBI and the FinTech innovator/entity. A regulator will definitely look at the best market practices and would prefer to inherit those into his area of business. For SEBI, the Regulatory Sandbox acts as an active tool that facilitates or rather bridges the gap between excellent FinTech solutions and their market worthiness. This method of live testing with real time customers helps the regulator to filter only the best and implement them immediately for the benefit of the investors. SEBI runs along the root principle of maintaining integrity and principles of fairness both towards the market operations and the investors, on the basis of which this Sandbox provides an excellent platform that is tried and tested by innovators who stand up to those regulatory expectations and deliver efficient solutions. I believe the Sandbox method of adapting to technological advancements is the right pathway, which is echoed through similar paths followed by the Reserve Bank of India and IRDAI. If three leading regulators back a formula, they are certainly not going wrong.

The flip side of the above arguments is the limitations, which, although short-lived and very much solvable, still weigh on entities when it comes to their analysis of resources plugged in for testing vis-à-vis their end goal of hitting the market. It would be great if SEBI plays an accommodative role as a market regulator, does not seem to have overreaching vigilance, and provides a breather wherever possible for the innovators in order to suck out the best of FinTech innovations. The limitations with respect to the return on the investment made by the market entity can be addressed with a plush and detailed exit plan that SEBI can formulate which is both transparent and fair for the innovators. I do agree with the fact that no entity with its innovation would want to go back rejected despite putting in the best possible efforts, resources, and money into their dream project. After all, if the entities find light at the end of the tunnel, they will certainly take the Regulatory Sandbox seriously and the performance of their innovations would certainly lead to a bright ray of light whereby the same will be accepted and adopted by SEBI ultimately to be implemented in the Indian securities market.

Thus, to conclude, the Regulatory Sandbox is a solid and well-structured base that SEBI has articulated to ensure the best of FinTech innovations reach the securities market. For the ultimate benefit and efficient operation of the capital markets, SEBI’s ‘learn by doing’ approach through the Regulatory Sandbox is definitely commendable and I am sure this will lead to better regulatory policies and Indian investors will have the right set of FinTech innovations for their benefit.

