Audit , Big Data Security Analytics , Blockchain & Cryptocurrency
RBI Proposes 'Regulatory Sandbox' Approach to Testing FinTechCentral Bank Looking for Ways to Encourage Innovation
The Reserve Bank of India is proposing that financial technology firms be allowed to test new products and services that might require the relaxation of certain compliance regulations in what's called a "regulatory sandbox" approach.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
RBI recently issued a draft framework for the regulatory sandbox approach, based on recommendations from an inter-regulatory committee headed by a former RBI Executive Director Sudarshan Sen. It's not yet clear when the framework will be finalized, based on feedback received.
Some security experts say the regulatory sandbox could help encourage development of new technologies with built-in security.
"Bank CISOs can take calculated risks and experiment with new cybersecurity products tested and validated by RBI with adequate security safeguards," says Bangalore-based Darshan Shanthamurty, founder and CEO SISA Information Security Worldwide.
Goal of New Approach
The objective of the regulatory sandbox approach, RBI says, is to provide an environment for limited-scale testing of a new fintech products and services that may require some relaxation of regulations to enable a wider-scale launch. The tests could help RBI formulate potential changes in regulations.
The regulatory sandbox is potentially an important tool for enabling more dynamic, evidence-based regulatory environments that learn from and evolve with emerging technologies to manage risk and enhance the customer experience, RBI says in a notification.
RBI's draft consultation paper says testing in the regulatory sandbox environment will be limited to 10 to 12 companies working with a limited number of their customers. The regulatory sandbox will enable field tests in a controlled environment that will collect evidence on the benefits and risks of new products and services.
Among the products and services that could be tested are:
- Retail payments, money-transfer services, marketplace lending, digital KYC, financial advisory services, wealth management services, digital identification services, smart contracts, financial inclusion products and cybersecurity products;
- Innovative technologies, including mobile technology applications (payments, digital identity, etc.), data analytics, application program interface services, blockchain applications, artificial intelligence and machine learning.
The proposed regulatory sandbox process would be overseen by the FinTech Unit at RBI. The process would include four weeks of preliminary screening, three weeks of test design, three weeks of application assessment, 12 weeks of tests and four weeks of evaluation by RBI.
During the tests, RBI would consider relaxing certain regulatory requirements, but companies involved in tests would have to meet privacy and security requirements.
Sandboxing Meets Compliance
Shantamurthy welcomes the proposed testing approach, noting that most risks in banking and payment transactions are due to the new products being deployed.
"Regulators in Asian countries, like Singapore, Hong Kong, Thailand, and Indonesia, apart from the U.S. and European Union, have their own fintech sandbox," says Anurag Jain, chairperson of the Digital Lending Association of India, according to Live Mint.
"Most advanced economies have used RS [regulator sandbox] to test the commercial viability and regulatory scope of any new technology," says Mandar Agashe, founder of Pune-based Sarvatra Technology which provides ATM-switch technology, according to the Economic Times.
Anurag Jain, CEO at Kred X, a digital invoice discounting company, notes: "Fit and proper criteria for promoters and directors will prevent unscrupulous operators from entering the RS."
Sriram Natarajan, COO at Quattro, a consulting group for the financial sector, says the proposed approach would enable live testing with actual customers and also help to address the security concerns of bankers.
In its draft paper, RBI says it would require that companies share the results of their early proof-of-concept tests before being allowed to participate in a regulatory sandbox project.
But Natarajan notes that RBI has not yet described the details of how the tests will work. Plus, he says gaining the support of banks to use new fintech products could prove challenging.