On 18 October 2016, Bank Negara Malaysia (i.e., the Central Bank of Malaysia) (BNM) issued the Financial Technology Regulatory Sandbox Framework (Framework), which sets out the requirements for participating in the regulatory sandbox (Sandbox). The Sandbox allows regulatory flexibilities to be granted to financial institutions and FinTech companies (Applicants) to experiment with FinTech solutions in a live controlled environment which is accompanied by the appropriate safeguards, for a limited period.

The concept of a regulatory sandbox framework is not new as the United Kingdom, Singapore and Australia proposed it to encourage the development of FinTech innovations. The Bank of Thailand, and Hong Kong Monetary Authority also recently announced their intention to introduce a regulatory sandbox. Save for the United Kingdom's Financial Conduct Authority (FCA), which launched its regulatory sandbox on 9 May 2016, the finalized policy documents for the implementation of the sandbox regulatory framework in Singapore, Australia, Thailand and Hong Kong have not been issued.

Brief outline of the Sandbox

BNM's approach

In considering the FinTech solutions of Applicants, BNM has indicated in its Framework that it will (i) adopt an 'informal steer' approach by providing guidance and advice on the modifications that can be made to the FinTech solutions to comply with prevailing laws; or (ii) permit participation in the Sandbox.

The Sandbox is not intended to be used, and should not be used, to circumvent existing laws. However, if the proposed FinTech solution possesses strong value propositions, BNM may consider relaxing certain regulatory requirements to enable the testing of the solution in the Sandbox.

While BNM has not provided any indication on the regulatory flexibilities which can be accorded to participants of the Sandbox, the Framework provides directional guidance as to the outcomes which BNM intends to achieve. This includes ensuring, among others, sound financial and business practices consistent with monetary and financial stability are preserved; fair treatment of consumers; prevention of anti-money laundering and counter terrorism financing activities and having safe, reliable and efficient payment systems and instruments.

In contrast, the Monetary Authority of Singapore (MAS) has expressly provided that requirements relating to board composition, financial soundness, asset maintenance and credit ratings are matters that the MAS may consider dispensations. On the other hand, requirements relating to confidentiality, fit and proper criteria, handling of customer’s moneys and assets and antimoney laundering / counter financing of terrorism are not negotiable - these are largely in line with the outcomes intended to be achieved by BNM above, with a view of avoiding systemic risks within the financial sector.

The following persons may apply to enter the Sandbox:

  1. financial institutions, and those intending to be financial institutions (Approved Businesses and MSB Licensees); and
  2. FinTech companies (i.e., companies that utilise or plan to utilise technology innovation in the provision of financial services, but excludes a financial institution) which collaborate with financial institutions. In comparison, the United Kingdom adopts a more restrictive approach whereby only persons authorized by the FCA are eligible to participate in their sandbox.

Eligibility criteria

To be eligible, an applicant must demonstrate, amongst others, that:

  1. the FinTech solution is genuinely innovative with potential to improve the accessibility in the provision of financial services, enhance the efficiency of the Malaysian financial institutions, or address gaps or open up opportunities for financing or investment in the economy;
  2. assessments have been conducted to demonstrate the usefulness and functionality of the FinTech solution and identified the risks;
  3. resources are available to support testing in the Sandbox;
  4. a realistic business plan has been formulated for the deployment of the FinTech solution on a commercial scale in Malaysia;
  5. the provision of the FinTech solution is incompatible with prevailing laws; and
  6. persons with credibility and integrity are managing the applicant.

The test on innovation in limb (a) appears to be aligned with the threshold in Singapore as an applicant is merely required to demonstrate that the FinTech solution is genuinely innovative. In Singapore, a sandbox applicant is required to ensure that the innovation is technologically innovative or applied in an innovative way.


BNM has committed to inform an Applicant of its eligibility to participate in the Sandbox within 15 working days of receiving a complete application. This is in contrast to Singapore, where MAS expressed that it will endeavor to inform and Applicant of its potential suitability for a sandbox within 21 working days.

Upon confirmation of an Applicant's eligibility to participate in the Sandbox, and prior to the commencement of the testing period, consultations will also be held between BNM and the Applicants on testing parameters, specific measures to determine the success or failure of the test at the end of the testing period, exit strategies, reporting requirements as well as a transition plan for the deployment of the FinTech solution on a commercial scale upon successful testing and exit from the Sandbox. Upon receipt of BNM's approval, the participants may proceed to start testing the FinTech solution.

The Framework also prescribes for a cooling off period of 6 months before rejected applicants are permitted to resubmit their applications. It is encouraging to see the inclusion of this criterion as it would drive applicants toward refining or, if needed revamping, the proposed solution before seeking to re-apply.

Testing of the FinTech Solution

Participants can operate in the Sandbox for the testing period approved by BNM, which shall not exceed 12 months, unless extended by BNM only where the FinTech solution has tested positively in general and it can be shown that the extended testing period is necessary to respond to specific issues or risks identified during the initial testing.

In contrast, the testing period is 6 months in Australia and 3 - 6 months in the United Kingdom. The longer period provided by BNM should be commended as this allows the FinTech innovations to undergo a more substantial phase of product development and commercialization. This will in turn, assist BNM in more accurately identifying the regulatory issues arising and taking the necessary steps to resolve such issues.

Completion of the testing period

A final report must be submitted to BNM within 30 calendar days from the expiry of the testing period. Thereafter, BNM will consider whether to allow the participant to graduate from the sandbox and introduce its FinTech solution in the market on a larger scale. Where this is allowed, participating FinTech companies intending to carry out regulated businesses, will be assessed based on the applicable licensing, approval and registration criteria under the relevant legislations, as the case may be.


The introduction of the Sandbox should be applauded as it demonstrates BNM’s acknowledgment of FinTech as a catalyst for the development of progressive financial services. It also signifies active involvement on the part of BNM in engaging with the relevant stakeholders. Such initiatives will ensure that the Malaysian financial services sector keeps up with the paradigm shift in the use of technology in financial services, and therefore continues to remain relevant regionally and globally, as demonstrated by the parallels drawn between the Sandbox in Malaysia and those of developed countries such as Singapore, Australia and the United Kingdom.