I. INTRODUCTION

Securities and Exchange Board of India (‘SEBI’) vide its circular SEBI/HO/MRD-1/CIR/P/2020/95[1] dated June 05, 2020 (‘Circular’), issued under Section 11(1) of the Securities and Exchange Board of India Act, 1992 (‘SEBI Act’), and Section 19 of the Depositories Act, 1996, has introduced a framework for ‘Regulatory Sandbox’.

II. OBJECT OF THE ‘Regulatory Sandbox’

In the recent years, Financial Technology (‘FinTech’) has transformed the landscape of and access to financial markets and products. FinTech is ubiquitous and is seen in everyday business and consumer transactions, offering loans, trading securities etc. SEBI has, and rightly so, acknowledged the adaption of technology by participants of capital markets, and the growing potential of FinTech to develop and maintain an efficient, fair and transparent securities market. It is in this background and with a view to facilitate promotion of FinTech solution in securities market and to provide a safe real-time testing environment, the SEBI has introduced the ‘Regulatory Sandbox’.

III. WHAT IS A ‘Sandbox’?

The term Sandbox simply means a box used by children to build structures with sand for them to play with. In the technology parlance, Sandbox was conceptualized for testing a software component. To this end, Sandbox can be defined to be an encapsulation mechanism that imposes restrictions on a software component that is being tested in a real-time environment.[2] The purpose of a Sandbox is to enable the testing of the functionality of a component in real-time by imposing certain restrictions, so as to ensure that such component (which is being tested) does not affect the overall functioning of the existing system.

IV. REGULATORY SANDBOX

With the Regulatory Sandbox, SEBI proposes to grant certain facilities/flexibilities to subject entities; on the basis of their application therefor, to experiment their FinTech solution, built for the securities market, in live environment on limited set of real customers for a limited time frame, by ensuring necessary investor protection and risk management.

V. APPLICABILITY

Entities registered with SEBI under Section 12 of the SEBI Act alone are eligible for testing their FinTech solution (‘FinTech Solution’) under the ‘Regulatory Sandbox’. The registered entity may, on its own or by engaging the services of FinTech firm, test the FinTech Solution in ‘Regulatory Sandbox’. However, for the purposes of the Circular, the registered entity alone shall be deemed to be the principal applicant.

VI. ELIGIBILITY

In order to apply for and subject a FinTech Solution to the Regulatory Sandbox, the Circular stipulates that:

1. The FinTech Solution must be innovative enough to add significant value to the existing market variant in Indian securities market. However, the Circular does not stipulate any criteria/method that may be used to validate if and how the innovation in a particular FinTech Solution adds value to the existing market variant in the Indian securities market. In its present form, the Circular suggests that the innovativeness of a FinTech Solution would be left to the discretionary determination of SEBI.
2. There must be a genuine need for testing of the FinTech Solution.
3. The FinTech Solution must have undergone limited offline testing prior to an application pursuant to the Circular.
4. FinTech Solution must offer identifiable benefits (direct or indirect) to the target market participant (either investors, entities or to the capital market at large).
5. The FinTech Solution should contain proper risk management strategy and control potential risk to any user that may arise from testing.
6. The Principal applicant must have the necessary resources, and test plans with clear objectives, parameters and success criteria for the testing.
7. The Principal applicant must demonstrate intention and ability to deploy the FinTech Solution post the testing on broader scale, and must have a ‘Regulatory Sandbox’ exit and transition strategy.
   

VII. APPLICATION AND APPROVAL PROCESS

1. The Entity shall submit an application in the manner as prescribed, to SEBI.[3]
2. Application Stage – Upon receipt of application, SEBI reviews the application, and informs its decision on the suitability of the application for the ‘Regulatory Sandbox’, within 30 working days. If the application is not found to be suitable, i.e., not meeting the requirements of the eligibility criteria, then it shall stand rejected.
3. Evaluation Stage – At this stage, specific regulatory requirements and conditions to be applied to the FinTech Solution is determined by SEBI. If Principal applicant is able and willing to meet the determined requirements, then permission is granted for testing the FinTech Solution in the ‘Regulatory Sandbox’.
4. Testing Stage – Upon being approved, the Principal applicant shall disclose about the operation of the FinTech Solution in a sandbox and the potential risks associated with the FinTech Solution, and obtain the user’s acknowledgment of associated risks, if any. Principal applicant shall guarantee that the user shall have the same protection analogous to the ones participating in the live market. Any material change to the FinTech Solution shall be effected only with the prior approval of SEBI. The Duration of the testing stage shall be a maximum of twelve (12) months and can be extended on request of the principal applicant.
5. The application can be rejected at any stage, for failure to meet the objective of the sandbox or any eligibility criteria. However, the principal applicant can re-apply after meeting the objective and eligibility criteria, after a cooling-off period as may be decided and notified by SEBI.
   

VIII. EVALUATION CRITERIA

The principal applicant is evaluated and scored by SEBI on several parameters including profile of the applicant, usage of novel solution, benefits of the FinTech Solution to the investors etc., as stipulated by the Circular.

IX. REGULATORY EXEMPTIONS

1. Comprehensive exemption from certain regulatory requirements or selective exemptions on a case-by-case basis, may be granted depending on the FinTech Solution to be tested.
2. No exemption / relaxation on maintenance of confidentiality of customer information, criteria on market integrity, KYC, risk check like price checks or order value checks, prevention of money laundering and countering financial terrorism.
3. Possible exemption / relaxation are requirements relating to net worth, track record and financial soundness of applicant, registration fee, Technology risk management guidelines and outsourcing guidelines.
4. Registration granted under Section 12 of SEBI Act, is activity based. To enable cross domain testing of the FinTech Solution by an entity, a limited certificate of registration for the category of intermediary for which the entity seeks to test the FinTech Solution, is granted. Such limited registration facilitates the entity from being subjected to the entire set of regulatory requirements to carry out that activity.
5. After analyzing the application, SEBI may provide the relaxations from various SEBI regulatory relaxations.
6. SEBI has notified SEBI Regulatory Sandbox (Amendments) Regulation 2020, to enable the concerned departments to grant relaxations.
   

X. SUBMISSIONS OF TEST RELATION INFORMATION AND REPORTS

1. During Testing Stage, the principal applicant may be directed by SEBI to submit certain information and interim reports relating to the test.
2. Principal applicant must submit a final report, with the information sought for by SEBI, within 30 calendar days from the date of expiry of testing period.
   

XI. EXTENDING OR EXITING THE REGULATORY SANDBOX

1. Upon completion of the testing period, SEBI shall decide on permitting the FinTech Solution to be introduced into the market or the principal applicant may employ an exit strategy or the principal applicant may seek an extension of testing period.
2. Principal applicant can exit from the ‘Regulatory Sandbox’ by issuing prior notice, in writing, to SEBI.
3. If the principal applicant choses to exit, then it shall ensure that the existing obligation of it users are completely met before such exit.
4. The applicant during and after the testing period shall maintain records (interim reports/final reports and other proper records) for a period of 5 years from the date of completion of the testing period for SEBI to review the same.
   

XII. REVOCATION OF THE APPROVAL

1. SEBI may revoke the approval granted to a principal applicant at any time before the end of the testing period, for the reasons stipulated in the Circular, including but not limited to failure of the principal applicant to carry out risk mitigation, submission of false or misleading information, loss of reputation of the principal applicant, liquidation of the applicant etc.
2. Actions may be initiated as against the principal applicant under relevant regulatory framework for violation regulations by the FinTech Solution.
3. Before revoking the approval, SEBI shall issue prior notice to the principal applicant intimating its proposed revocation, and an opportunity to respond on such notice. However, approval may be revoked with prior notice, immediately, that it is in the interest of principal applicant, the users, the financial system, or the general public.
4. Upon revocation, the principal applicant must implement its exit plan, notify the users, dispose all confidential information, compensate users who had suffered any financial loss, submit report to SEBI within 30 days from revocation, and comply with other conditions of SEBI.

[1] SEBI, Framework for Regulatory Sandbox, (June 05, 2020), https://www.sebi.gov.in/legal/circulars/jun-2020/framework-for-regulatory-sandbox_46778.html

[2] CMU-ISR-16-05, Michael Mass, A Theory and Tools for Applying Sandboxes Effectively, p. 14, Sec. 2.1, 2016.

[3] Application must be submitted to – Chief General Manager, Market Regulation Department-1, SEBI Bhavan, Plot No. C4-A, G-Block, Bandra Kurla Complex, Bandra (E), Mumbai – 400051 or by email at regulatorysandbox@sebi.gov.in.