The UK’s FCA has released a report assessing the effectiveness of its regulatory sandbox following its first year of operation, in which two cohorts of firms have conducted testing in the sandbox.  The sandbox provides entities the opportunity to test financial services without being licensed.  The report provides an overview of the first year of operation, describes key outcomes of the sandbox, the impact on the market and limitations on testing in the sandbox.  The report considers that the sandbox has been generally successful but notes that there are limitations to the testing environment.

Structure of the FCA’s regulatory sandbox

There are some key differences between the FCA’s regulatory sandbox and those of other regulators, including ASIC’s sandbox.  The FCA’s regulatory sandbox accepts two cohorts per year, with each cohort receiving a six month testing period.  Firms that successfully apply to be included in a cohort receive a case officer to liaise with and submit a final report summarising outcomes of testing.

Importantly, the FCA’s sandbox is open to any firm (including large firms already holding financial services authorisations) to carry out testing or to support another firm that is carrying out testing in relation to regulated financial services activities.  The FCA implements bespoke safeguards for each firm that tests within its sandbox, tailoring capital requirements, systems penetration testing and, in relation to robo-advice, adopting a secondary review of robo-advice by a financial adviser. 

It’s worth noting that this structure is significantly different to ASIC’s regulatory sandbox which does not permit licensees to access the sandbox licensing exemption and imposes the same requirements in relation to insurance, external dispute resolution and other consumer protection obligations on all sandbox applicants regardless of the nature of the business.  ASIC’s regulatory sandbox is currently subject to legislative reform, which will address some of these differences.

Key findings

The FCA’s report details the composition of firms accessing the regulatory sandbox.  Fifty firms were selected for testing across two cohorts and 41 of those firms proceeded to testing.  The majority of testing firms across the two cohorts tested products to be used in the retail banking sector.  Some testing firms were large, authorised firms, however the majority were startups that would otherwise be unauthorised and ineligible to test their products.  The most popular technology employed by participants in the sandbox was distributed ledger technology (DLT), with 17 firms using DLT in some way. 

The report provides several key insights, identified by both participants and the FCA, into the reasons for the success of the FCA’s regulatory sandbox, including:

  • benefits of engagement with a case officer:  The report notes that testing firms were particularly assisted by having a case officer whom they could be in contact with who would explain the regulatory framework, accelerate the path to market and reduce expenditure on external regulatory consultants.
  • reduced time and cost of product launch:  Amongst the indicators of the success of the sandbox were that from the first cohort, 75% of firms successfully completed testing, 90% of firms are continuing towards a wider market launch of their products and a majority of firms have secured full authorisation following testing.
  • testing has facilitated access to finance:  Sandbox firms have indicated that testing provides reassurance to investors due to FCA oversight and increased regulatory certainty.  The FCA found that 40% of firms who completed testing in the first cohort received investment during or following the sandbox testing period.
  • testing has enabled products to be introduced to market:  The FCA identified various benefits associated with testing in a live environment including an opportunity to understand how receptive consumers are to various product features, testing the technology and cyber resilience of the underlying platform, and ensuring adequate controls are implemented to minimise risk of consumer harm.  Amongst the controls to ensure consumer protection are standard safeguards implemented across all products to minimise potential detriment (ie, implementation of an exit plan to ensure the test can be closed down) and bespoke additional safeguards where required.  The FCA found that around a third of firms tested in the first cohort used the testing environment to significantly pivot their businesses.

The report also discusses the market impact of the firms which are testing in the sandbox.  The report makes various findings in relation to the market impact of different technologies, such as the use of biometrics and application program interfaces (APIs) by testing firms, while also discussing the products that firms have tested in particular fields such as insurance mediation and mortgage businesses.  Particular technologies and products discussed at length include:

  • distributed ledger technology:  The report notes that there has been particular use of DLT by sandbox participants to facilitate cross-border payments.  The report finds that while DLT can be used to reduce costs, improve security, create trust and enable services to be provided at greater speed, sandbox participants offering DLT have also encountered challenges.  These challenges include execution time uncertainty, digital currency volatility, liquidity issues, transaction fees and issues around the availability of exchanges.  The report notes that these risks are to be carefully managed if such services are to be provided on a wider scale.
  • increasing access and improving experiences for vulnerable customers:  A number of firms tested innovative business models to address the needs of vulnerable customers.  The FCA has a positive view of these fintech businesses as it considers these businesses address issues of financial exclusion.  The FCA indicated it will be welcoming applications for sandbox entry from such firms.
  • personal savings tools and the use of consumer information:  This has involved the use of innovative methods in personal financial management, savings and investments to incrementally improve users’ saving habits, with the FCA considering that using these tools over a long period of time has the capacity to improve consumers’ future financial positions significantly.  In this area, particularly, the FCA highlighted that data sharing between large firms and fintechs can be mutually beneficial for the firms involved (with the fintech accessing the data of the large firm and the large firm having the benefit of new technology), while also delivering significant benefits for consumers.
  • robo-advice:  The FCA considers that robo-advice is still an emerging field.  Testing firms have had the assistance of the FCA’s Advice Unit, which provides guidance to firms seeking to deliver automated advice and guidance.  Testing firms were also required to build in additional safeguards (ie, qualified financial advisers review the advice produced in a robo-advice context).

Despite the generally successful outcomes delivered by the regulatory sandbox, the report notes that there are certain limitations on what the sandbox can facilitate. 

Key limitations facing firms in the sandbox

In relation to the limitations of testing in the regulatory sandbox, the report particularly notes that:

  • access to banking services:  The FCA found that it was common for testing firms in the sandbox to face denial of banking services, with issues particularly faced by businesses seeking to offer DLT solutions or become payments or electronic money institutions.  The FCA found some applicants faced blanket refusals from certain banks, while there were also inconsistencies within individual banks for dealing with applications from testing firms.  The FCA recognised that this problem was not unique to testing firms and impacted startups generally, but that the effects of such issues could be particularly problematic.  For instance, lack of access to banking facilities could lead to some firms being unable to enter the sandbox to conduct testing, let alone enter the market. 
  • customer acquisition and governance processes:  Acquiring customers for firms testing in the sandbox was a particular issue for small firms without a well-established customer based.  Some firms overcame this by having large firms enter into partnerships with start-ups in the sandbox to provide the start-up with access to a larger pool of potential customers who could test the start-up’s products.  Both large firms and start-ups identified benefits that accompanied such partnerships, with large firms benefitting from innovative technology and improved on-boarding and governance processes from dealing with start-ups in the sandbox (which the FCA considered could be implemented in subsequent partnerships). 
  • consumer data and API integration:  The FCA found that it was difficult for testing firms to go directly to financial institutions and securely gain access required for sharing consumer data.  Additionally, smooth integration with APIs often took longer than expected, with one firm struggling to integrate APIs during the testing period.  The FCA is optimistic this issue will be resolved in the next year as the UK’s Open Banking initiative develops APIs.

The FCA noted that after testing in the sandbox, testing firms are to meet relevant conditions for authorisation (ie, licensing) for activities which they seek to conduct.  This requires that testing firms meet certain regulatory requirements, such as competence and financial viability.  The FCA noted that it can be more complex to assess testing firms against existing authorisation conditions but that, generally, testing firms have been able to clearly demonstrate their capacity to meet the FCA’s conditions.  Some types of businesses (ie, testing firms proposing to be insurers and operate multilateral trading facilities) have had greater difficulty meeting regulatory requirements due to higher levels of regulatory capital being required and more onerous controls needing to be implemented.  Businesses faced with such conditions to authorisation have generally pivoted their business models so that lower regulatory requirements apply.

Observations

The FCA’s report highlights how key features of the FCA’s regulatory sandbox have facilitated access and use of its testing environment.  Key features such as the bespoke approach to authorisation conditions imposed on testing firms, the engagement of a dedicated case officer and the encouragement of partnerships between large firms and testing firms have contributed to the success of the FCA’s regulatory sandbox.  The success of the FCA’s regulatory sandbox is reflected in 41 of 50 firms proceeding to test and 40% of those testing firms obtaining finance during or following tests.  There are undoubtedly lessons to be learned from the FCA’s approach to its regulatory sandbox. 

Unfortunately, the report also highlights the particular challenges which innovative businesses face, particularly in relation to the barriers to accessing banking services.  This is particularly problematic as such an issue could stymie innovative businesses from ever testing their products, let alone launching.  It suggests that regulators and fintech industry bodies may need to educate banks and other account providers on the risks posed by start-ups to ensure that these businesses can access banking services.