What is a Regulatory Sandbox?
14 May 2021
Rebank took part in the FCA Sandbox back in 2018. What happens in a Regulatory Sandbox is largely misunderstood so we talk about it here!
Back in September 2017, participants of the Third FCA Sandbox were announced and Rebank was amongst them. The Regulatory Sandbox is a twice-yearly program that the Financial Conduct Authority (“FCA”) runs where new, innovative ideas can be safely tested allowing the FCA to learn about new technologies in the process.
The work that the early Rebank team focused on during the Sandbox helped us become one of the first startups in Europe to be authorised as an Account Information Service Provider (“AISP”) back in May 2018. That’s the license you need to request secure access to bank data and initiate payments.
The whole experience is still a mystery to some so we wanted to share more about how it went for us and address a few misconceptions.
What the heck is a regulatory sandbox?
The first FCA Regulatory Sandbox was created in 2015 to help the FCA respond to new market innovations. The program selects the most innovative business ideas and then:
Provides a contact to answer questions about the application process
Allows participants to test their product in the market without compromising on customer security
Companies that are selected range from small teams to institutional banks that are either using new technologies in finance (AI, crypto) or working around new regulated activities.
The initiative has two main benefits; it allows the FCA to gather data on how new technologies might affect consumers and creates a new channel for startups to provide feedback on policies and practices.
It is now seen by many regulators as a model that encourages competition in an industry with high barriers to entry. Regulatory sandboxes now exist in Mexico, Australia, Canada, UK, Switzerland, Singapore, Hong Kong, and many more!
Why did Rebank apply?
Some of what Rebank does is new to Fintech. Opening a dialogue with the regulator felt more important than usual for that reason.
We also applied because we wanted to build Rebank with compliance in mind from the beginning. All too often, the regulator is treated as the boogeyman; an empty threat muttered so teams do as they’re told. That wasn’t the way we wanted to work at Rebank — compliance should be ingrained in the way everyone works.
What actually happens in a Regulatory Sandbox
The assumptions made about what happens in a Regulatory Sandbox range from the interesting to absurd. Here are a few we’ve heard:
The Regulator does all the work for you
One misconception is that the regulator does all the work for you. Sadly, this isn’t true.
The first few days of the Sandbox are about getting familiar with the regulation that your product is exposed to. We were guided to documentation and the final application that we’d eventually fill in — this was when it all became real which was quite daunting for a small team but our contact was extremely helpful and explained what was expected of us.
You will be fast-tracked
If you join the FCA Sandbox, the regulator prepares a plan for you to fast-track your authorisation, right?
We created a plan and milestones that we shared with our contact. We arranged check-ins to allow time for questions and so that our contact could track progress against that plan. As schedules and timelines changed, so did the frequency of these check-ins.
Consumers are at greater risk from companies in the Sandbox
Certain license requirements are waived, putting consumers at greater risk!
We were not given an alternative, easier application (sadly). The application process we went through is the standard, arduous application that all companies are required to complete.
However, to mitigate unforeseen risks the FCA adds certain limitations for each participant. In our case, we could only work with ten companies during the testing period. We proposed the limit as it was enough for us to test our hypothesis. That limit can be lifted afterwards through a review process that the FCA carries out.
The final report
Once you validate your hypothesis or the testing period ends you are asked to prepare a final report. This report covers questions around how successful the test was, what you were surprised to find and any next steps.
In our report, we mentioned that the slow reaction of ASPSPs (banks) had a negative effect on the ability of TPPs (non-banks) to launch products. We also shared what we learned about bank aggregation as a value proposition for businesses!
Should you take part in the FCA Sandbox?
There’s little chance of anyone asking but if they did; would we recommend the FCA Sandbox?
It provided early external validation which was a useful way for us to engage with our initial customers. It allowed us to engage with the regulator and learn how to do it effectively, plus we gained a great understanding of what additional responsibilities Fintech companies have when building products!