Designed to allow businesses to test financial services innovations in a live environment free from some regulatory consequences, the sandbox is an exciting addition to the Financial Conduct Authority’s toolkit.

Key messages

  • Firms may apply to the sandbox for limited testing of an innovative proposition.
  • Strict eligibility criteria and standards apply.
  • Tests are short-term and on a small-scale, within agreed parameters.
  • Firms still need to meet required authorisation or registration standards.
  • Established incumbent firms, early stage start-ups, challengers and proven businesses from other industries can all apply to use the sandbox.
  • Two groups (cohorts) are operated each year.

The process

The FCA opens its application process for a period of approximately two months. The FCA then assesses applicants – against eligibility criteria and their state of readiness for testing – and notifies applicants. This may take two – three months.

If a proposal is accepted, the FCA starts working with the firm to scope details of the engagement, including the testing plan and receiving a regulatory tool from the FCA. This requires significant input and cooperation from the firm.

  • The test-design phase (from acceptance to the start of testing) takes approximately 10 weeks.
  • A test usually lasts for no more than six months.


Firms were able to apply for the first cohort of the sandbox between 9 May and 8 July 2016. The application process for the second cohort ran between 21 November 2016 and 19 January 2017. Further cohorts are expected.

Firms must complete and submit an application form, explaining the proposition and how it meets the sandbox eligibility criteria. The application form is available from the FCA’s website. Would-be testers can register interest and prepare their proposals now.

The application must show how the proposition is:

  • in scope;
  • a genuine innovation;
  • delivers consumer benefit;
  • needs the sandbox, including which tool and why; and
  • ready for testing.

Being ready for testing is particularly important. An area to consider is that firms must identify and be able to fulfil their major dependencies to begin testing (e.g. securing contractual agreement with a partner, and having a UK bank account).

Who may use the sandbox?

  • Unauthorised firms – to use the sandbox, firms may need to apply to be authorised or registered to test ideas on a limited basis. Once authorised or registered (possibly with restrictions), firms will be able to use the agreed sandbox tools when testing their concept.
  • Authorised firms - may use the sandbox to look for clarity around applicable rules and to test an idea that does not easily fit into their existing regulatory framework.
  • Tech business – those providing services to FCA regulated firms can also apply to the sandbox, e.g. if they need clarity about applicable rules.

Regulatory tools

The FCA will agree a regulatory tool within the testing period, including:

  • Individual guidance – this sets out how the FCA interprets relevant rules in the context of any given test. If a firm acts in keeping with the guidance, the FCA consider that a business has complied with rules to which the guidance relates.
  • Waivers or modifications – the FCA may be able to waive or modify the application of rules.
  • No enforcement action letters – to give firms comfort that as long as they keep to the agreed testing parameters and meet certain regulatory principles, the FCA would not expect to take disciplinary action. The use cases for this tool are limited and untested.

Monitoring sandbox tests

How the tests will be monitored will be agreed. Firms will usually be required to provide weekly reports on agreed areas (e.g. testing milestones, key findings and risk management during testing). The FCA is clearly placing high importance on reporting as it states that it may end the test if the firm fails to submit reports as agreed or for failure to comply with Principle 11 of the FCA Handbook (or Principle 32 of the Payments Services Regulation or Principle 37 of the Electronic Money Regulations and presumably other Rules or Principles for Business) unless addressed in the sandbox tool issued for the firm.

At the end of the test, firms must produce and submit a final report within four weeks. The FCA will give written feedback on the report. This will not be a certification of a business model or sign off on products or services. This will be important to have in mind when moving to unrestricted authorisation. The FCA will publish findings from sandbox testing, respecting confidentiality where relevant.

The Sandbox Journey

The sandbox has a surprisingly free-form approach, with formulaic aspects. A potential advantage of the level of dialogue and co-operation built into the process is that the FCA will, at the end of the programme, have engaged with firms and business models in the cohort. This should make the transition to a non-test environment an easier and better supported process. The sandbox is a complementary treatment, rather than an all-out solution. In some cases, the FCA will be unable to apply a light touch basis of authorisation due to the need for firms to comply with minimum EU legislative requirements, which for some will mean that the direct (albeit tailored) authorisation route will be too onerous for the firm. Added to that, there are existing models for some sectors (e.g. the banking mobilisation authorisation process, the PRA new bank start up unit, and light touch regimes for payment services and e-money). The FCA does not envisage changing these.

Additional information, including details of previous cohorts, is available from the FCA’s website.

You can listen to the FCA’s comments in the FinTech Insider podcast here.