Image source -

This article is written by Anand Singh, from the Hidayatullah National Law University (HNLU), Raipur. The article discusses the Regulatory Sandbox framework issued by SEBI for the introduction of FinTech innovations in the securities market.


The Security Exchange Board of India (SEBI) issued a circular on June 5, 2020, introducing the framework on Regulatory Sandbox (‘RS framework’). Under this framework, entities like financial market participants and intermediaries that are registered with SEBI will be given the opportunity to test ‘Financial technology’ (FinTech) solutions on a small number of actual customers in a live and controlled environment for a limited time. SEBI expects that this move would improve the security markets’ efficiency, fairness, and transparency. The purpose is to enhance the growth of financial markets by encouraging and facilitating the adoption and usage of new FinTech solutions. A similar arrangement to use the innovation sandbox was previously proposed by the board on May 20, 2019, for entities that are not members of SEBI for offline testing of their suggested solutions. Later, on February 02, 2021, SEBI issued a revised framework for RS, with certain changes in respect to the earlier circular.

The concept is not new, as the United States implemented the first reported regulatory sandbox framework for financial products in 2012 to stimulate consumer-friendly innovation and entrepreneurship. Following the success of the United Kingdom’s Financial Conduct Authority’s sandbox, which was formed in 2015, this concept was institutionalized internationally. Although the approach is not new, the decision by the Indian regulator is nonetheless timely among non-OECD (Organisation for Economic Co-operation and Development) nations. 

Applicability and exemptions

Only market participants and intermediaries registered under Section 12 of the SEBI Act, 1992 (‘intermediaries’) are currently allowed to test their solutions under the Regulatory Sandbox. The registered entity can either participate on its own or employ services provided by FinTech firms. In both situations, the intermediaries will be considered as the primary applicant and are exclusively responsible for the solution’s testing. There are currently no exemptions to the qualifying criteria, though it was suggested that FinTech start-ups and firms that are not normally regulated by SEBI should be permitted to participate in the Regulatory Sandbox.

Additionally, this stage allows for relaxations and exemptions, either in the form of a complete exemption from regulatory requirements or a selective exemption on an individual basis. The term ‘individual’ here refers to the FinTech solutions that would be evaluated. SEBI is committed to protecting investors and ensuring market integrity. Therefore, the framework has expressly mentioned that KYC (Know Your Customer) and AML (Anti Money Laundering) standards are not omitted. Moreover, the framework also includes a comprehensive set of standards that will not be waived; these standards focus on customer safety, risk management, and ensuring the confidentiality of information. SEBI is also willing to provide specific procedural exemptions, such as a merit-based relaxation of the net worth, track record, registration fees, and financial soundness standards. These procedurally essential features might be loosened, and SEBI can lower their ceilings as needed on a case-to-case basis.

IP protection and indemnity

Participants may have genuine concerns about their technology escaping into the public domain because a sandbox is generally the first live test of innovation. A realistic strategy to implement the Regulatory Sandbox necessitates the creation of a framework that ensures the confidentiality of the IP being deployed, regardless of whether it is owned/operated by the entity or provided by external FinTech firms. However, SEBI, in its 2021 circular on the revised framework for innovative sandbox, has explicitly stated that no claims regarding the IPR of the Sandbox framework will be applicable, as there might be multiple applications with identical concepts in the innovation sandbox. Thus, it is advised that the applicants should consider engaging in an effective confidentiality agreement to preserve their/associated FinTech firm’s IP.

When it comes to implementing new trials, risk minimization and consumer protection should always be the top priorities. In this regard, another gap in the RS framework is the lack of an explicit requirement to establish proper liability or indemnity insurance to protect user’s interests. On the other hand, the RS requires the applicant to seek prior confirmation from consumers that they are aware of the risks associated with employing the solution. If a consumer chooses to participate in the sandbox while a FinTech solution is being evaluated, there must be a redressal mechanism in place to ensure that his interest is properly safeguarded. Thus, to protect the interests of investors, applicants should carefully analyze this indemnification clause and, among other things, consider getting sufficient liability/indemnity insurance.

Hence, it can be said that the omission of these two provisions is an incorrect decision from the standpoint of both the entity and the investor/customer.

Eligibility criteria  

In both the circulars there are some requirements laid down for the eligibility criteria. This section will discuss both the circulars. Further, in the 2021 circular the eligibility criteria is divided into two stages, with certain qualifications under stage II requiring the fulfilment of conditions laid down for stage I.

Circular I

In the first circular, SEBI has structured the eligibility criteria into seven factors. Every application is forwarded to a department, which conducts the examination and determines if a FinTech innovation is suitable for inclusion in the Regulatory Sandbox based on the following criteria: 

Genuineness of innovation

Instead of keeping the standards concise under this factor, SEBI has left it open to interpretation on an individual basis by just specifying that the FinTech innovation must add substantial value to the market’s existing offers. The flowchart provided in the circular, which shows how an application for acceptance into the Regulatory Sandbox proceeds, makes it obvious that the department in charge of considering these applications has been granted discretion.

A genuine need to test

In respect of evaluating and accepting a request, this criterion is identical to the first one. The entity requesting to participate in the Regulatory Sandbox must demonstrate the necessity to test its FinTech innovations on actual consumers and explain why it’s necessary.

Limited prior testing

According to SEBI, the applicant should have conducted some limited offline testing of the solution before submitting it for sandbox testing. A substantial experience in offline testing will likely boost the necessity for a Regulatory Sandbox test. 

Direct benefits to users

SEBI is primarily concerned with adding value to investors and the capital markets in general. The objective of introducing FinTech innovations by SEBI is to simplify and facilitate the growth of the securities market, and reshaping the way markets used to function. Thus, only those solutions will be pushed that can demonstrate identifiable benefits to investors, entities, or to the capital market through their FinTech solutions.

No risks to the financial system

Even when emerging innovations are introduced into the market, the interests of investors and the market’s general wellbeing remain of paramount importance. For achieving this, risk reduction and safety mechanisms in event of a failure are critical. Thus, SEBI has maintained that the solution should include a proper risk management strategy to provide sufficient measures for reducing and managing possible market risks for all market participants/customers that may occur as a consequence of the solution’s testing, and shall recommend suitable measures to manage the risks and contain the failure’s repercussions.

Testing the readiness of the solution

The applicant should have the capacity to facilitate sandbox testing, and they must demonstrate to SEBI that they have well-thought-out testing procedures with clear objectives, parameters, and success criteria.

Deployment post-testing

This is the final section of the application procedure, and it denotes the defined plan and strategy of the entity demanding to enter into the Sandbox. The deployment section is essentially an exit strategy in which the applicant must display the intention and capacity to deploy the solution on a larger scale after the innovation has been successfully tested in the Regulatory Sandbox.

Circular II

The eligibility criteria laid down in the subsequent circular include additional requirements as well as the earlier requirements of the first circular with slight modifications, which are divided into two stages, with later-stage requiring completion of at least 60 days of sandbox testing in stage I.

Stage I – a genuine need to test the solution

This requirement is fairly similar to one of the previous requirements in the first circular. However, under the new criteria, an entity should additionally justify why they need access to the test data, as well as specify the dataset needed.

Stage II – achieving appropriate progress

The applicant must show that they made appropriate progress in stage I and that their testing strategy is on track.

SEBI’s power to revoke an approval

The RS framework provides SEBI with the authority to revoke any application before the conclusion of the testing phase. This power is not discretionary, and some criteria has been established to regulate the board’s authority. The majority of these standards are focused on maintaining market integrity and safeguarding investor interests. In most cases, SEBI can revoke an entity’s test-taking authority based on the following reasons:

  • Failure to implement risk mitigation strategies.
  • Submission of false, deceptive, or erroneous information.
  • In the application, the applicant has suppressed or failed to disclose the necessary details.
  • Contravenes any SEBI-administered regulation, as well as any other relevant laws in India or abroad.
  • If the entity’s reputation has been damaged.
  • The standards of Know Your Customer (KYC) are being undermined.
  • Users’ privacy has been violated.
  • The applicant has put their financial stability in danger.
  • The applicant is indulged in mis-selling products or services.

SEBI has the authority to cancel an entity’s approval if even one of the aforementioned grounds is noticed. Theft of intellectual property was earlier a ground for revocation of approval, but the new circular dismisses even IP protection claims by the applicants. Still, such FinTech firms who have already registered their sandbox ideas for IPR protection might have a safeguard for the theft of their innovations.

Benefits of the Regulatory Sandbox

Implementation of the Sandbox technology in the securities market would have several benefits for the growth of FinTech, as well as provide SEBI with the opportunity to understand how innovations function and formulate rules that are consistent with the best market practices. Some of the key benefits of the Regulatory Sandbox are:

  • To deploy investor-centric solutions in the capital market, SEBI will get the opportunity to conduct a detailed cost assessment.
  • SEBI will have a variety of FinTech technologies and evaluate their effectiveness before introducing the best and most helpful ones into the large-scale market.
  • By having the opportunity to serve actual clients, even if in a limited environment, the testing entity gains the first-hand experience evaluating the efficacy of its FinTech innovation and a better understanding of consumer demands.
  • SEBI can analyze risks and devise appropriate safeguards to ensure that when innovations assist the original market, there is little to no harm.

Limitations of the Regulatory Sandbox

Although the Regulatory Sandboxes do not have any strict limitations they are some minor restrictions in the framework, such as:

  • The allowance of exemptions or regulatory relaxations appears to be rather broad, and they have been left to the discretion of the department reviewing them. SEBI’s vague directives, which do not provide a comprehensive list, are a very real constraint for the applicant entity.
  • SEBI should be a little more flexible in terms of describing its regulatory objectives so that the applicant company understands what it has to accomplish, to justify SEBI’s regulatory compliance requirements for a successful Sandbox deployment.
  • Registered entities who decide to adopt the Regulatory Sandbox may be limited in their ability to afford certain expenses associated with conducting live testing, with no certainty that the FinTech innovation will be allowed. Therefore, an entity’s return on investment is unexpected.
  • SEBI does not have any specific metrics or criteria for granting exemptions or relaxations. Most of the guidelines appear to be fairly broad and open-ended.


Despite its certain limitations, the RS Framework is a positive step forward. It will enable our government agencies to work more closely with FinTech developers and interact with one another’s problems and solutions. Without a doubt, as more experience is gained, these Regulatory Sandbox regulations will evolve. Frequent discussions and information sharing amongst the many government departments would be one of the main aspects for such progress, and, if practicable, the capacity to cross-pollinate innovative ideas and inventions across jurisdictions and regulatory spheres.


LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.


Please enter your comment!
Please enter your name here