Sandboxes seem to be a new regulatory buzz word. The concept is where a financial services regulator allows start-up financial services businesses, that would normally require full authorisation, to pilot innovative FinTech and InsureTech products with lighter regulation or even a complete exemption from regulation.

FinTechs and in particular InsureTechs are innovative businesses which use technology to disrupt the market. For example, cuvva, which provides car insurance by the hour at a click of a few smart phone buttons. As both insurers and brokers can now be seen as primarily data driven, data privacy presents both a hurdle and an opportunity for these start-ups. Data privacy laws undoubtedly add a regulatory layer, but these businesses are so agile, that privacy by design can be built into its systems.

The FCAs sandbox is due to open in the autumn, and the closing date for applications to be one of the first FinTechs to play in there, closed 8 July 2016. A further wave of applications will be permitted from October until January 2017. We will keep a close eye on this first raft of businesses and report back later this year.

This sandbox will offer a range of options: a tailored authorisation process for new firms in the testing phase; individual guidance for firms testing ideas that do not easily fit into the existing regulatory framework and in some cases waivers or no enforcement action letters.

The FCA is unable to waive compliance with data protection law, so no matter what option it agrees with a sandbox player, the ICO may still look dimly on any data security risks.

The Australian Securities and Investments Commission (ASIC) has proposed an Australian Financial Services Licencing exemption to aid the growth of FinTechs by allowing up them up to six months to trial new innovative financial products. There are restrictions: a maximum of 100 clients, with a limit to AUS$10,000 along with a total of AUS$5million collectively, along with availability to liquid products only (deposits and shares). Importantly, there is no mention of relaxation of data privacy laws.

ASIC requested feedback regarding the proposed changes, with a deadline for submissions by 22 July 2016.

The Monetary Authority of Singapore (MAS) is also seeking feedback on its proposed guidelines for its new Sandbox. Examples of areas to possibly be relaxed are: asset maintenance; board composition; financial requirements; liquidity; license fees; management experience; fund solvency, capital adequacy; and reputation. In order to protect consumers certain regulations will not be relaxed, importantly including confidentiality of customer information.

These Sandboxes will hopefully produce exciting and innovative FinTech start-ups, but if those businesses want to find a way to by-pass data privacy laws, it looks like they will be disappointed.