Image source -

This article is written by Vasu Manchanda, a student of Faculty of Law, Delhi University.


Fintech, a term used to describe financial technology, emerged in the 21st century. It applies to any kind of technology employed in financial institutions, which improves the delivery of financial services to the consumers and leads to better financial inclusion. It involves the innovation of new financial products, services, and automation of existing ones by advancement in financial literacy, education, and advice rendered to the customers. It also involves streamlining of lending and borrowing practice, wealth management, fund-raising, retail banking, money transfers, and investment management, among other financial services. 

A Fintech company or startup is one that leverages technologies to offer financial products and services to the consumers. It intends to make the delivery mechanism of financial services more accessible and affordable and provides better customer service. It acts as a catalyst in evolving the financial ecosystem around the world. 

Download Now

With the advent of rapid technological advancements and innovations in the Fintech sector, the laws and regulations are not able to keep pace with it. Fintech laws in India are not adequate to regulate the conduct of novel and innovative Fintech products, services, and technologies. There exists a lacuna. Thus, to fill the void and foster financial innovations, the Reserve Bank of India (RBI), on August 13, 2019, issued the ‘Enabling Framework for Regulatory Sandbox’ after due deliberation, based on the recommendations of the Inter-Regulatory Working Group on Fintech Digital Banking in India set up by the RBI in 2016. 

Regulatory Sandbox

The regulatory sandbox is a framework that allows regulations to develop and keep pace with technological advancements. It provides a controlled regulatory environment to Fintech startups, customers, and regulators. Fintech startups can live-test their new and innovative products and technologies within the sandbox on a real-time basis, subject to supervision, and certain regulatory safeguards. 

It is based on ‘learn by doing’ mechanism and allows for pilot-testing of new products and technologies that face some kind of regulatory barrier in its implementation and/or are not regulated. It enables the regulator to make more efficient decisions based on empirical evidence acquired from real-time product testing and customer experience. 

It is suitable for such Fintech products that require certain regulatory relaxations for testing and seeks to enhance the delivery of financial services. The intent of the RBI behind introducing such a framework is – to highlight an existing gap in the financial eco-system of the country and determine how it can be solved. Its primary objective is to promote innovations by providing a controlled environment with reduced costs and regulatory barriers.

Who can live-test products and technologies?

The eligibility criteria mentioned in the guidelines is technology and product-focused. Startups alone are eligible to be a part of the regulatory sandbox testing process. An entity is considered a ‘startup’ if it incorporated as a private limited company under the Companies Act, 2013, or registered as a partnership firm under the Partnership Act, 1932, or a Limited Liability Partnership firm under the Limited Liability Partnership Act, 2008, and has been in business for not more than seven years. There are certain other conditions also that need to be fulfilled by an entity in order to be recognized as a startup, which is not a subject matter here. However, it is pertinent to note that any entity formed by splitting up or reconstruction of an existing business shall not be considered a startup. This potentially excludes a large section of existing Fintech players in the country from being a part of the regulatory sandbox. 

Other identified eligibility criteria include – net worth of startup should be at least Rs. 25 lakh as per its latest audited balance sheet, satisfactory credit scores, adequate Information Technology (IT) infrastructure, compliance with customer privacy and data protection regulations, proper safeguards to protect data against unauthorised access and disclosure, satisfactory conduct of bank accounts of the entity and its promoters and directors, and the promoters and directors need to be fit and proper as per the criteria laid down by the RBI. 

Working Mechanism

The RBI scrutinizes product and technology testing by a limited number of Fintech startups (usually 10-12) having a shared theme in a single cohort (end-to-end sandbox process). The regulatory sandbox is based on thematic cohorts focusing on financial inclusion products, digital Know Your Customer (KYC), payments and lending, smart contracts, cyber security products, financial advisory services, wealth management services, data analytics, artificial intelligence and machine learning-based applications, and applications under blockchain technologies. A cohort runs for varying periods but should usually be completed within a stipulated time frame of six-months.

It is noteworthy that the applicants (Fintech startups) need to share with the RBI the proof of concept and testing of use cases in order to be admitted to the regulatory sandbox. Testing scenarios and anticipated outcomes need to be clearly defined by the applicants. 

A cohort comprises five stages, each of which is to be monitored closely by the RBI’s Fintech unit (FTU). The stages are as follows:

Stage I- Preliminary Screening 

In this stage, the FTU will receive applications, conduct preliminary screening, and shortlist applicants that meet the specified eligibility criteria. It will ensure that applicants understand and abide by the principles and objectives of the regulatory sandbox. This stage may last for four weeks from the closure of the application window. 

Stage II- Test Design

In this stage, the FTU will finalize the test design through interactive engagement with the applicants. It will also identify outcome metrics for assessing evidence of risks and benefits. This stage may last for about four weeks. 

Stage III- Application Assessment 

In this stage, the FTU will vet the test design and come up with regulatory modifications. This stage may last for three weeks.
                                 Click Above

Stage IV- Testing 

In this stage, the FTU will generate empirical evidence to evaluate the tests. This stage may last for twelve weeks.

Stage V- Evaluation 

In the final stage, the FTU will evaluate the outcome reports of the test. It will be confirmed by the RBI and a decision will be made whether the product or service offered by the applicants is acceptable under the regulatory sandbox.

On approval by the FTU, selected applicants will be authorized to operate in the regulatory sandbox. The RBI will communicate the entire sandbox process to the entities from its launch, selected theme to entry and exit criteria, and products or services found acceptable to be tested under the regulatory sandbox. 

On initiation of the testing process, the selected entities need to report results to the RBI continuingly as per the pre-decided schedule. Further, the RBI, where deemed necessary, can provide apposite regulatory support to the entities by relaxing certain regulatory requirements such as board composition, financial soundness, liquidity requirement, etc, however, they will have to abide by the KYC requirements, privacy and data protection regulations, transaction security and anti-money laundering compliances. They will remain liable to customers for financial products tested. The framework ensures that the risks associated with testing are not transferred to the customers. The Fintech startups are required to take indemnity insurance against the amount to safeguard the interest of the customers for a stipulated period. It is pertinent to mention that no liability shall be borne by the RBI under any circumstances during the testing process. 

Thereafter, upon successful experimentation, the entities must exit the regulatory sandbox while complying with regulatory requirements including but not limited to obtaining specific permits and approvals upon expiry of a cohort and before the launching of the products in the actual market.

Benefits of the Regulatory Sandbox

The regulatory sandbox offers the following advantages to regulators, government, customers, and Fintech startups:

  • Sandbox entities will get an opportunity to test the viability of new products and technologies without the need for an expensive roll-out. 
  • In case of any concerns during the testing period, appropriate changes or modifications can be made by the startups before the product is launched in the market. 
  • It reduces the dependence of regulators on stakeholder consultations and/or feedback by providing a structured environment for evidence-based regulatory decisions. 
  • It can lead to better outcomes for consumers. A wide range of products, technologies, and services can be made available and accessible at reduced costs. 
  • It can improve the pace of innovation and technology absorption in providing financial services in the country. Consequently, it can also promote financial inclusion and improve reach among the masses. 
  • It helps regulators in obtaining first-hand empirical evidence on the risks and benefits of emerging technologies. It enables them to make required regulatory changes or make new regulations to support the upcoming useful technological advancements and innovation. 
  • It helps banks and other financial providers in enhancing their understanding of how new financial technologies work and helps them integrate the same in their business plans and operations. 
  • It helps in receiving valuable feedback from customers. This helps the Fintech startups and the regulator in comprehending the costs and benefits that might accrue to customers from the tested products. 
  • It provides a common platform to the regulator, businesses, and Fintech innovators to communicate. This creates a more cohesive industry. 
  • The risks associated with the financial products and technologies and unintended and unforeseeable implications of using the same can be mitigated. 

Rights of the RBI

The RBI has the discretion to discontinue sandbox testing at any time if an entity fails to comply with pre-specified regulatory requirements, indulges in deliberate or negligent malicious practices, does not act in the best interest of the consumers, or does not achieve its intended objective, based on the expected outcomes and schedule mutually agreed by the sandbox entity and the RBI. 

Further, it is pertinent to note that during and after the successful experimentation of the products, services, and/or technologies of the sandbox entities, the RBI reserves the right to publish any information about the entities that it deems fit on its official website. Information may include any collaboration with international regulatory agencies and/or the purpose of such transfer of knowledge. However, the RBI is not supposed to reveal any proprietary or intellectual property rights related information. 

Suggestions and the way forward

While the regulatory sandbox framework seems viable and promising, there are certain lacunas that the RBI should look into in order to make it more foolproof. A few such plausible suggestions that should be incorporated in the regulatory sandbox are as follows:

Firstly, only private companies that have been in business for not more than seven years, i.e., startups are eligible to be a part of the regulatory sandbox. It is noteworthy that existing Fintech players, global companies and/or Fintech companies doing their operations for more than seven years are also capable of coming up with a new financial product, service and/or technology that might face regulatory barriers or require certain regulatory relaxations for testing and enhancing their delivery mechanism. The RBI should take into consideration such possibilities and either allow them to test their products in the regulatory sandbox itself, or come up with a different regulatory mechanism for them. 

Secondly, while a wide range of themes is eligible to be tested in a particular cohort, initial coin offering and cryptocurrencies, despite being suited for sandbox testing globally, have been excluded. Since the Supreme Court, in Internet and Mobile Association of India v. Reserve Bank of India, has quashed the RBI circular dated April 6, 2018, that prohibited banks and other financial institutions regulated by the RBI from providing financial services to any person dealing in cryptocurrencies, it is now advisable to accept such currencies for the said purpose. 

Thirdly, there are other regulators like the Security and Exchange Board of India (SEBI) and Insurance Regulatory and Development Authority of India (IRDAI) that have introduced their own regulatory sandboxes. Fintech companies are aggregated with wealth management, insurance, investment, and other financial products and technologies, each of which might be regulated by a different regulator. The RBI needs to work in collaboration with all the regulators; otherwise, Fintech startups would face innumerable regulatory barriers and undergo multiple regulatory sandbox testing processes, thereby making the whole testing process inefficient, uncertain, and costly for cross-sectoral fintech innovations. 

Lastly, the RBI needs to lay emphasis on the protection of proprietary and intellectual property rights and personal data of sandbox entities, and ensure that the same does not fall in the hands of unauthorised parties. Compliance needs to be made with the provisions of the upcoming Data Protection Law (currently Data Protection Bill, 2019). It is apposite to mention that clause 40 of the bill states that the Data Protection Authority shall, to encourage innovation in artificial intelligence, machine learning, or any other emerging technology in the public interest, create a sandbox. The RBI needs to work in collaboration with the Data Protection Authority, when it is formed, to ensure that there is no conflict of interest in the testing process of innovative technologies under both the regulatory sandboxes. 

Concluding Remarks

The intent of the RBI is commendable in trying to regulate and give statutory backing to innovative Fintech products, services, and technologies. While the regulatory sandbox framework seems feasible and fool-proof on paper, what remains to be seen is how well it is implemented. There needs to be transparency with respect to the discretion exercised by the RBI in selecting entities for pilot-testing their products in the regulatory sandbox. This would encourage investors and innovators to participate in the regulatory sandbox framework which would foster financial innovations, and give a boost to the Fintech sector. 

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join:

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.


Please enter your comment!
Please enter your name here