The background of the regulatory sandbox

The regulatory sandbox is essentially a "reactionary" and "correction" in a certain sense of the overly cumbersome regulatory requirements that have been greatly strengthened after the 2008 global financial crisis. In other words, the regulatory sandbox is a more tortuous way to leave room for financial innovation and create space for financial innovation to maintain the vitality of the financial market and international competitiveness when the relevant laws and rules cannot be revised in a timely manner to "lighten the burden" for the regulatory targets or potential regulatory targets.

Since the Great Depression in the 1930s, the development and evolution of financial regulatory systems and rules in major European and American countries is largely the result of responding to previous financial crises. This crisis-driven/responding financial supervision has two interrelated outstanding features or limitations. First, in the face of public dissatisfaction and public opinion pressure after the crisis, financial supervision is prone to overcorrection, imposing too cumbersome and harsh regulatory requirements on market entities. Second, due to the lagging nature of legal rules, it is often difficult for regulatory rules to follow up in a timely manner when the financial market recovers, thus restricting financial business operations.

The financial regulatory reform after the crisis increased the compliance obligations of financial institutions and changed their business motives and business structure. In particular, the universal banking model is directly challenged by business isolation rules, and the increase in regulatory capital has changed the motivation or ability of banks to issue low-value loans.

Financial supervision in the post-crisis era has catalyzed financial technology from at least two aspects. On the one hand, in the face of more cumbersome and stringent regulatory rules, financial institutions need new technical means to reduce compliance costs and meet regulatory requirements and compliance obligations. This more reflects the "technological" side of financial technology, or the side of serving traditional financial institutions. On the other hand, under the increasingly stringent regulatory rules and environment, the operations of traditional financial institutions have shrunk. Objectively, new business formats are needed to fill business gaps and meet market demand, which more reflects the "financial" side of financial technology, or the competition between financial technology companies and traditional financial institutions.

The theoretical basis of the regulatory sandbox

As a kind of supervision attempt and innovation, the theoretical basis of the supervision sandbox is twofold: one is disruptive innovation, and the other is adaptive regulation. The concept of "disruptive innovation" was put forward by American scholars. It roughly refers to the secondary market or potential users as the target group, and the products or services provided are simpler, more convenient and cheaper than the mainstream market. Innovative activities are easy to be ignored by mainstream enterprises because of the characteristics of “industry” and the uncertainty of initial returns. After disruptive innovators obtain sufficient market development space, they will further change the original structure of the enterprise, gradually erode the high-end market, occupy a larger market share and obtain more profits, and ultimately occupy a dominant market position. Disruptive innovation includes not only technological innovation, but also business model innovation. As long as it meets the requirements of cutting into the non-mainstream market and eventually successfully subverting the mainstream market and changing the rules of competition, it can be called disruptive innovation. By comparison, it is not difficult to find that financial technology essentially meets all the characteristics of "disruptive innovation".

The disruptive and innovative nature of financial technology determines that its supervision must also take into account the two dimensions of "disruptive" and "innovation". On the one hand, conventional regulatory requirements are often unbearable for financial technology start-ups, and it is easy to stifle vitality and hinder innovation. On the other hand, a laissez-faire regulatory stance can easily lead to the brutal growth of financial technology, magnify and infect its destructive nature, and even lead to systemic risks. In this regard, fintech requires some form of adaptive regulation and "regulatory experimentalism."

The basic concept of adaptive regulation is that regulators can not only innovate the content of market rules, but also innovate their regulatory strategies, that is, adjust the decision-making process within their discretionary powers, make decisions quickly and gradually on the basis of more adequate information, so as to adapt to the financial market where the microstructure is constantly changing. In fact, whether it is a single regulatory pilot project or a systematic innovation center (a corporate park that serves financial market compliance and regulatory commissioning), it is a practical application of regulatory experimentalism. FAC opened the "Innovation Hub" in 2014 and launched the "Project Innovation", which is the way to achieve regulatory experimentation, and the regulatory sandbox is the continuation and strengthening of this idea.

The purpose and significance of creating a regulatory sandbox are: (1) shorten the market transformation time of financial innovation and reduce transformation costs; (2) increase financing opportunities for innovative companies; (3) make more products have the opportunity to test and enter the market; (4) enable regulatory agencies to cooperate with innovative companies to ensure that appropriate safeguards for consumer protection are embedded in innovative products and services. The regulatory sandbox is for both authorized firms, known as licensed financial institutions, and unauthorized firms such as start-ups that have not yet obtained financial licenses, and it applies uniform access principles. Similar to the FCA Innovation Center, the access principles of the regulatory sandbox include five aspects, namely, the scope of business (whether the planned new scheme is designed for the financial service industry or support the financial service industry), true innovation (whether the new scheme is novel or significantly different from the existing scheme), consumer interests (whether related innovations are expected to increase consumer interests), actual needs (whether the company has real needs for testing within the sandbox framework), and background research (whether the company has invested appropriate resources to develop new schemes, understand relevant regulations and reduce risks).

Implementation of the regulatory sandbox

Just as financial technology is not a mystery, the regulatory sandbox is not unpredictable. Although the term "sandbox" comes from the computer field with its own exotic flavor, in terms of basic functions, there is no essential difference between the supervisory sandbox and the more familiar concepts of financial innovation pilots and technology business incubators. The difference lies more in the technical aspects such as the scope of the experiment, the form of incentives, and the strength of the policy. Some commentators have summarized the basic operation logic of the regulatory sandbox as follows: within the scope of legal authorization, according to the degree of business risk and impact, and in accordance with moderately simplified access standards and processes, financial technology enterprises are allowed to carry out business tests under limited business licenses using real or simulated market environment. After the test shows that it is suitable for comprehensive promotion, it can further obtain a full license in accordance with the current laws and regulations and be included in the scope of normal supervision.

However, the "pain points" of authorized firms and unauthorized firms are different. The problem for unauthorized firms is that due to the franchise of financial services, if they want to truly understand consumers’ interest in a certain product or service or whether it poses a significant risk to consumers, they must bear high one-time costs to apply for a financial license, so as to actually provide related products or services. Authorized firms and technology firms that provide outsourcing services for them are mainly concerned about the possible response of regulators to the new plan. Their interest lies more in conducting early dialogues, clarifying how the rules apply, and reducing the risk of regulatory agencies taking enforcement actions against them afterwards. To this end, the FCA regulatory sandbox provides very different options for the two.

For unauthorized firms, the goal of the regulatory sandbox is to create a tailor-made access/authorization process so that companies that need to obtain a financial license to test their new products or services can do so. In other words, the sandbox company will first obtain restricted authorization to enable it to test innovative solutions, but it is also limited to this. If the company can later fully meet the regulatory requirements, the restriction can be lifted. This "restricted authorization" model makes the relevant company itself an authorized company, but only needs to meet the authorization conditions proportional to the test activity, and the process is faster than applying for "full" authorization. Afterwards, if the test company wants to fully start commercial operations, it must apply for the removal of restrictions in order to carry out related regulated activities, but there is no need to apply for a new authorization.

For authorized firms, the options offered by the FCA include non-enforcement action letter, individual guidance, and rule exemptions. If technology firms can find authorized firms willing to test their products or services, they can also take advantage of these options. The non-enforcement action letter refers to a statement issued by the FCA stating that it will not take enforcement actions against the testing activities, as long as the relevant companies comply with the conditions agreed upon with the sandbox team in advance. However, FCA reserves the right to terminate the test, and its inaction commitment is only applicable to the period from the issuance of the non-enforcement action letter to the completion of the test or the termination of the FCA. The non-enforcement action letter only involves FCA's enforcement actions, and does not limit the company's responsibilities to its customers. On the basis of the non-enforcement action letter, FCA can further provide individual guidance to testing companies and explain relevant rules applicable to testing activities. The third option is rule exemption, that is, if the test activity does not comply with FCA rules, but meets the statutory exemption standards, and the relevant rules fall within the scope of FCA's exemption authority, FCA can exempt or modify specific rules for sandbox companies.

Preliminary evaluation of the regulatory sandbox

Judging from the subsequent regulatory sandboxes launched by Australia, Singapore, and other countries, the focus and operation details are also different. It is difficult to say that there is a unified practice model. However, with the FCA regulatory sandbox as the basic focus, coupled with the necessary observations of other countries and regions, some preliminary judgments can still be made on the characteristics, supporting requirements, and application limitations of the regulatory sandbox.

First of all, at least so far, the regulatory sandbox is not an inevitable choice or a universal model for fintech regulation. The United States, which has the most advanced financial industry and financial technology, has not adopted the regulatory sandbox model as a whole, but has adopted a more general innovation center model.

Second, most countries and regions that implement regulatory sandboxes have relatively comprehensive financial regulatory systems, and a relatively comprehensive regulatory agency is the main body of the regulatory sandbox. Both the United Kingdom and Australia adopt the "double peak" regulatory model. The British FCA and the Australian Securities and Investments Commission (ASIC) are responsible for the behavioral supervision and consumer protection of all financial institutions; the Monetary Authority of Singapore (MAC) integrates the functions of the central bank and financial supervision.

Third, the regulatory sandbox relies heavily on two-way interaction based on a case. The regulatory sandbox is an experiment for test companies, and it is also an experiment for regulators. It is not only an experiment of financial technology and financial innovation, but also an experiment of regulatory technology and regulatory concepts. Therefore, mutual trust and good communication between regulators and test companies are essential. Whether it is the authorization conditions tailored for fintech companies, the non-enforcement action letter and individual guidance issued to traditional financial institutions, or the different forms of safeguard measures taken to protect the interests of consumers, it needs to be agreed upon by the "cat" and "mouse" one by one based on the specific situation, so they have a strong case-by-case nature and flexibility.

Finally, the regulatory sandbox has obvious applicable boundaries and limitations, which are mainly reflected in rule exemptions and access conditions. As far as rule exemption is concerned, FCA's exemption power is subject to the inspection standards stipulated in the Financial Services and Markets Act, and cannot be exempted from regulatory requirements derived from EU law. As far as access conditions are concerned, sandbox companies must meet relevant authorization conditions before they can actually carry out corresponding financial activities. Although the conditions for limited authorization will be “proportional” to the testing activities as mentioned above, it is only moderately simplified and the threshold still exists, which makes it difficult for companies that want to test certain business models to achieve the initial regulatory requirements for authorization.