The Financial Conduct Authority (FCA) has set out its initial proposals for a ‘regulatory sandbox’. By extending Project Innovate and its Innovation Hub in this way, the FCA will be allowing businesses to road test new, innovative financial products, services or business models free from some of the normal regulatory consequences of engaging in those activities.

The FCA wants to engage with stakeholders to explore the viability of its proposals and the final operating model for this new unit should be open for firms to start testing in spring 2016.

Key Messages

The regulatory sandbox – The proposal for the “regulatory sandbox” is an extremely interesting idea and very much on message in terms of the UK embracing innovation and FinTech. Potential users will, however, need to understand the application process and permitted parameters.

  • The FCA will set consistent criteria for acceptance into the sandbox.
    • Scope – is the proposed offering a solution for or supportive of the financial services industry?
    • Innovation – is the offering new, novel, genuinely innovative or significantly different to existing offers? The idea must go beyond a simple modification to a financial service or product that already exists (but it probably does not need to reach the sort of inventiveness needed to qualify for a patent).
    • Consumers – there must be a fair prospect of an identifiable benefit to consumers and this must be met throughout the sandbox testing period.
    • Why use the sandbox? – to gain access, innovators must explain the objective behind testing in such an environment and establish a genuine need for use.
    • No substitute – the sandbox is a chance for testing; it is not intended to replace a proper development process, an attempt to understand applicable regulations or use of risk mitigation techniques.
    • Protections – consumer detriment and risks to market integrity will be mitigated as a priority and FCA will agree on the appropriate safeguards with each sandbox firm on a case-by-case basis.
  • A dedicated team will consider sandbox applications and monitor testing.
  • The regulatory sandbox will not adopt a one size fits all approach and should be flexible but it will need to reflect a real life environment and respect legal requirements. A central premise for this statement is a planned differentiation in the FCA’s approach to authorised and unauthorised firms (explored in more detail below).

Other approaches – There is a green light to the industry to advance different approaches from the FCA sandbox – the FCA is keen to support the development of industry-led options and for the industry to act collectively (albeit not anti-competitively) – see Appendix 2 for more information on:

  • private virtual sandboxes, using model data sets for testing outside the “real market”; and
  • private (but not-for-profit) umbrella incubator companies – under which innovators could act as appointed representatives (depending on the regulated activity in question).

Legislative change – The sandbox forms part of what is essentially a two-step approach to innovation; in addition, changes to the Regulated Activities Order and FSMA waiver rules are considered feasible but delivering this will be more long term in nature. However, amendments to the Exemptions Order (SI 2001/1201) and the By Way of Business Order (SI 2001/1177) are unlikely.

The Sandbox Journey

The FCA envisages that the sandbox will require dialogue and feedback between the FCA and the applicant. The FCA maps the approximate journey it anticipates firms will take when using the sandbox (see page 11 of its report, chart 1). In particular, the FCA will agree the basis of a firm’s testing in a bespoke way and will require a final report on the subsequent tests.

A potential advantage of this is that the FCA will, at the end of the program, have engaged with the applicant and had the business model demonstrated to them, hopefully making a full application for authorisation (or, for authorised firms, the addition of a new business line) an easier and better supported process.

An unusual feature of the sandbox proposal is that it is surprisingly free-form. The FCAtypically applies fairly uniform and prescriptive standards to authorisation and supervisory processes and that prescription is notably absent from this comparatively flexible proposal. It will be interesting to see how that pans out.

Authorised Firms and outsource providers

The FCA is considering a variety of methods to give confidence to authorised firms and their providers of outsourced services that enforcement action will not be taken at a later date in relation to testing activities. Firms would still need to follow any agreed conditions set by theFCA through the sandbox.

  • No enforcement action letters (NALs) – to be used where the FCA is reasonably satisfied the testing does not breach its requirements or harm its objectives; FCA may reserve the right to end a test at any point. Potential customer liability unaffected.
  • Individual guidance – this is not new and perhaps the FCA is envisaging once again extending how often this is offered, perhaps with quicker time frames and an easier framework for use. This detail is not clear.
  • Waivers – making more use of the waiver process (see s.138A Financial Services and Markets Act 2000) so compliance requirements are modified to allow what would otherwise be a breach of FCA rules.

These are considered in more detail in Appendix 1 of the report.

Unauthorised Firms

  • For unauthorised firms, the FCA envisages using a tailored authorisation process:
    • Authorisation with restrictions to only permit testing of products and services. Firms must still be able to meet regulatory requirements appropriate for testing (see safeguarding clients below).
    • Firm can apply to proceed to full authorisation in due course, and at such time, firms will need to meet regulatory threshold conditions and other compliance standards to sell products and services to clients – but this would not be a new authorisations process.
    • In some cases, the FCA will be unable to apply a light touch basis of authorisation due to the need for firms to comply with minimum EU legislative requirements, which for some will mean that the direct (albeit tailored) authorisation route will be too onerous for the firm.
    • While similar, this does not replace or extend the banking mobilisation authorisation process.
    • Payment services and e-money have their own light-touch regime and the FCA does not envisage changing these.

Safeguarding Clients

The FCA has prioritised consumer safeguarding and this core protection must be offered while in the sandbox. A range of approaches are mooted but on a general point the scale of testing must always be curtailed to avoid an overall risk to the financial system (see also appendix 4 of the report). The approaches include:

  1. Informed consent – using the sort of approach the pharmaceutical industry might recognise, new solutions would only be tested on clients that have given informed consent, provided such clients have information on risks and available compensation.
  2. Bespoke conditions – the FCA would set the testing parameters on a case by case basis, addressing disclosure, protections and compensation options. These might include a combination of the other approaches or different conditions.
  3. Par with normality – customers would have the same rights as customers doing business with other authorised firms (e.g. access to FOS and FSCS provided the activity falls into their jurisdiction).
  4. Indemnity – businesses in the sandbox would need to compensate losses (e.g. investment loss) and demonstrate the indemnity is backed by capital resources.

Further Comments

We believe that this constructive regulatory mobilisation provides a relative “safe haven” that should be welcomed by businesses seeking to secure early-stage fund raising or to provide some leverage during commercial contractual negotiations. It is a strong indication from the FCA that growing, innovative businesses should not feel they are facing an impossible regulatory hurdle.

This recognition of the particular needs of positive disruptive innovation is a further tentative step towards a more sustainable regulatory position that actually can deliver real benefits for businesses, markets and consumers. It is encouraging to see the FCAuse its mandate to promote competition this way and we are hopeful that more initiatives will be forthcoming.

It is worth noting that the proposals are not just playing to small innovators. Along with suggestions about “private sandpits” and “regulatory incubator umbrellas” (with FCAinvolvement), there is acknowledgment that established firms, accelerators and proven businesses from other industries have the ability to use the sandbox to learn through play.

For those with an international profile, looking for consistency, it is notable that the FCA is working closely with regulators globally with similar initiatives e.g. in the USA, the Consumer Financial Protection Bureau’s Project Catalyst and the Australian Securities and Investments Commission’s Innovation Hub.


The paper indicates certain key performance indicators that can be used to assess whether the proposals will be successful. For example, the sandbox should:

  • reduce the time it takes for innovative ideas to come to market;
  • facilitate better access to credit and funding for innovators;
  • improve consumer outcomes:
    • increase the range of products and services brought to market;
    • ensure appropriate consumer protection safeguards built into offerings before they reach critical mass (with which the FCA is responding to previous criticisms and acting in line with its mandate for earlier intervention); and
    • reduce the regulatory and legal barriers to entry and help firms navigate any immovable obstacles.Next Steps

If you have views on the proposals or believe that the FCA’s regulatory sandbox may be suitable for your business, please do get in touch with Jonathan Rogers.

The FCA is planning a linked event in December 2015 (see here for more details) or feedback can be provided to [email protected].