Regulating Fintech in the EU: the Case for a Guided Sandbox

Wolf-Georg RINGE; Christopher RUOF

doi:10.1017/err.2020.8

Regulating Fintech in the EU: the Case for a Guided Sandbox

Published online by Cambridge University Press: 02 March 2020

Wolf-Georg RINGE and

Christopher RUOF

Show author details

Wolf-Georg RINGE: Affiliation:
Professor of Law, University of Hamburg, Institute of Law & Economics; Visiting Professor, University of Oxford; Research Member, European Corporate Governance Institute; email: georg.ringe@uni-hamburg.de.
Christopher RUOF: Affiliation:
Research Associate, University of Hamburg, Institute of Law & Economics.

Article contents

Abstract
Introduction
The case for a regulatory sandbox
Specific proposal
Conclusion
Footnotes
References

Rights & Permissions

Abstract

New financial technology holds the promise of innovation and competition, challenging established products and services and frequently improving market processes. However, regulation of these new services faces a double challenge: to keep pace with innovation and facilitate new market entries while at the same time understanding and managing the regulatory risks that are involved.

At this stage, the existing EU regulatory framework is of little help: the bulk of the present body of financial regulation stems from a different time, with different regulatory problems in mind. EU regulation is also very slow to change and to adapt. Therefore, this paper proposes a regulatory “sandbox” – an experimentation space – as a step towards a regulatory environment where such new business models can thrive. A sandbox would allow market participants to test fintech services in the real market, with real consumers, but under the close scrutiny of the supervisor. The benefit of such an approach is that it fuels the development of new business practices and reduces the “time to market” cycle of financial innovation, while simultaneously safeguarding consumer protection. At the same time, a sandbox allows for mutual learning in a technical field which is sometimes poorly understood, both for firms and for the regulator. This would help to reduce the prevalent regulatory uncertainty for all market participants.

In the particular EU legal framework with various layers of legal instruments, the implementation of such a sandbox is not straightforward. In this paper, we propose a “guided sandbox”, operated by the EU Member States, but with endorsement, support, and monitoring by EU institutions. This innovative approach would be somewhat uncharted territory for the EU, and thereby also contribute to the future development of EU financial market governance as a whole.

Type: Articles
Information: European Journal of Risk Regulation , Volume 11 , Issue 3 , September 2020 , pp. 604 - 629

DOI: https://doi.org/10.1017/err.2020.8 [Opens in a new window]
Creative Commons: This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted re-use, distribution, and reproduction in any medium, provided the original work is properly cited.
Copyright: © The Author(s), 2020. Published by Cambridge University Press

I. Introduction

Regulating new technology is never an easy task. On the one hand, governments frequently want to encourage innovation and new ideas to secure the benefits of new business trends. On the other, new technology may involve a number of risks that are not fully understood by either regulators or consumers.

Nowhere is this more accurate than in the financial sector. The past several years have seen an unprecedented rise of a new breed of financial intermediaries and service providers, usually referred to as “financial technology” or “fintech”. Offering innovative services to consumers, they are a welcome addition to the financial market. However, at the same time they bring new challenges for the current regulatory framework, in particular in the slow-moving EU. Written before the emergence of fintech, the financial rulebook appears to be both over- and underinclusive, as many categories used by it are difficult to match to the activities of this new type of financial player. In addition, rules are often applied differently among EU Member States. The result is a patchwork of different rules and requirements that apply to fintechs, depending on which EU Member State they are operating in, creating great uncertainty not only among market players, but also for the regulators. Apart from idiosyncratic regulatory issues of certain fintech applications, structural changes can be observed. Namely, different from previous occasions, innovation nowadays primarily comes from a magnitude of small players, and not (only) from the incumbent finance giants. Further, innovation now tends to happen in an all-digital setting, causing major problems for the incumbent infrastructure and existing regulatory processes. The increasing use of artificial intelligence (AI) and machine learning is further complicating their task. All of this, taking place in accelerating innovation cycles, elevates the complexity of the financial system to a new level. In this paper, we argue that regulators must react to these changes, as the current legal framework is virtually unable to address these issues adequately.

The challenge is thus to design a regulatory environment that is flexible enough to accommodate new fundamental changes to markets and, at the same time, is able to create regulatory certainty for all market participants. This paper proposes a regulatory “sandbox” as a first step to facilitate this. A regulatory sandbox would allow market participants to test fintech services in the real market, with real consumers, but under the close supervision of the regulator. Most importantly, the sandbox allows for mutual learning concerning new business models, both for firms and for the regulator. This would help reduce the prevalent regulatory uncertainty for all market participants. At the same time, it supposedly provides the required flexibility to react appropriately to unknown business models and risk profiles.

In the EU legal framework, with various layers of legal instruments, installing a sandbox is not straightforward. In this paper, we propose a “guided sandbox”, which should be guided by an interplay between the federal (EU) and national levels. More specifically, it would be the Member States who operate the sandbox, but with endorsement, support, and monitoring by EU institutions. This innovative approach would be somewhat uncharted territory for the EU, and would therefore also contribute to the future development of EU financial market governance.

The article is organised as follows. Section II comprehensively explores the phenomenon of regulatory sandboxing. We first describe the general concept and the promises that are connected with this regulatory tool, and subsequently apply it to the regulatory situation of fintechs. Subsequently, Section III develops these considerations into a concrete proposal for implementation in the EU context. In particular, this includes a difficult navigation through the multi-layer EU framework, resulting in our pragmatic “guided sandbox” proposal. Section IV concludes.

II. The case for a regulatory sandbox

Our main aim is to make the case for a “regulatory sandbox” to cope with new challenges in the financial sector. We argue that a sandbox is, at this stage, the optimal solution, since it fuels the development of innovative services, addresses the majority of shortcomings of the current regulatory framework, and simultaneously ensures consumer protection. No less importantly, it facilitates a mutual “learning process” that on the one hand allows regulators to better assess the risks that are connected with respective fintech firms, and on the other enables fintechs to benefit from the regulator’s expertise in applying the legal framework.

This section is structured as follows: first, we explain what a “regulatory sandbox” is and describe its underlying principles. Subsequently we give a brief overview of existing implementations of regulatory sandboxes. Then, after showing the general benefits of the principle, we illustrate how a sandbox would be a great improvement for the current regulatory situation of financial technology firms and the challenges of the financial sector that are yet to come. Ultimately, we will address the disadvantages of regulatory sandboxing and conclude that we consider it not the ultimate objective, but rather a good and necessary first step towards an improved future regulatory framework.

1. Description and general principle

A good starting point of what the principle of a sandbox is can be derived from its name: a safe playground in which to experiment, collect experiences and play without having to face the strict rules of the “real world”. Whereas the sand of an actual sandbox protects against harm while playing, certain consumer safeguards are established to fulfil that task in its regulatory counterpart. Meanwhile clear entry and exit requirements, as well as a pre-defined scope, display the borders of the box.

Recently this concept has been applied in several (non-financial) areas. A “sandbox” for programmers was established, where potentially unsafe codes could be run and studied, without the risk of infecting the entire system.^{Footnote 1} Recently, the Singaporean Energy Market Authority (EMA) set up a regulatory sandbox to support energy innovations.^{Footnote 2} The term “sandbox” is also used in medicine, where it refers to clinical trials for new methods of treatment.^{Footnote 3} Each of those – and other “sandbox” analogies – have in common that before an (innovative) product is being put on the market, it is tested in a safe environment, where the potential harm is strongly limited and cannot break out of the box to cause widespread damage.

The sandbox, as used in this paper, is a regulatory tool that has recently been explored and tested by various jurisdictions. In the financial sector it – irrespective of its specific implementation – refers to a controlled space in which businesses can test and validate innovative products, services and business models, and delivery mechanisms with the support of an authority for a limited period of time.^{Footnote 4} The risk of harm for consumers is limited through special safeguards, and regulations which normally apply when conducting the respective service are significantly reduced.

2. Concept of a regulatory sandbox

The idea of a regulatory sandbox for financial services was pioneered by the British Financial Conduct Authority (FCA) in 2016.^{Footnote 5} Since then, the idea has seen an unmatched support in all parts of the world. In November 2019 there were more than 24 sandboxes in operation worldwide.^{Footnote 6} While there is clear heterogeneity across jurisdictions, as well as in the specifics of implementation, all versions share common policy objectives – particularly consumer and investor protection, market integrity, financial inclusion and promoting innovation and competition.^{Footnote 7} In the following, we describe parameters common to these sandboxes – although they differ in their implementation.^{Footnote 8}

a. Entry conditions

Each regulator defines certain requirements to determine which firm should be granted access to the sandbox. Aspects of importance usually include: an innovation test, its effect on market stability, individual need for participation (ie regulatory burden on the regular market) and some specific safety requirements that need to be met by the potential participant.^{Footnote 9} The FCA, for instance, publishes a list of eligibility criteria for the upcoming cohort.^{Footnote 10} Interested firms have to explain how they meet those criteria in a form provided by the FCA and apply for testing during a designated time-frame. Other jurisdictions (for example the Netherlands or Poland) do not operate in cohorts, so that firms may submit an application at any time.^{Footnote 11} Also the scope of firms that sandboxes potentially cover varies greatly. There are sectoral restrictions, for instance, based on the scope of the respective regulation authority. For example, Hong Kong’s sandbox, which was established by the Hong Kong Monetary Authority (HKMA), is limited to the scope of the HKMA’s regulatory authority, ie banks and banking activities. The Dutch as well as the UK sandboxes, on the other hand, have no sectoral restrictions. In case of the Dutch sandbox, this is achieved by a cooperation between the Dutch National Bank (DNB) and the Dutch Financial Market Authority AFM (together supervising all financial institutions under the so called “Twin Peaks” model). Differences in scope of the sandboxes can further be observed regarding the treatment of existing regulated entities. While most sandboxes are open to regulated as well as unregulated entities, some regulators refuse entry to regulated entities, therefore solely supporting unlicensed firms, which are mostly start-ups.^{Footnote 12} Furthermore, the sandbox is usually limited to a certain number of participants.^{Footnote 13}

b. Consumer protection/safeguards

Numerous approaches are taken to protect customers who participate in the sandbox testing. The FCA, for example, ensures customer protection on a case-by-case basis with the following standards:^{Footnote 14}

“retail customers – this type of customer should not bear the risks of sandbox testing, thus, they should always have the right to complain to the firm, then to Financial Ombudsman Service and have access to the Financial Services Compensation Scheme (FSCS), if a firm fails”;
“sophisticated customers – depending on the specifics of the trial, and if legally possible, we could consider tests that only engage with sophisticated customers who have consented to limiting their claim for compensation”;
“Additional safeguards – depending on the size, scale and risks from the trial, additional safeguards may be necessary, eg disclosure about being involved in a sandbox test to retail customers”.

In the case of “robo advice” (automated investment advice) for example, an “additional safeguard” was established, which in most cases requires the firm to include qualified financial advisers checking the automated advice outputs generated by the underlying algorithms in order to avoid unsuitable advice.^{Footnote 15}

The Australian Securities and Investments Commission (ASIC) on the other hand – apart from compensation arrangements and disclosure obligations – additionally set up a number of limitations for eligible participants, such as:^{Footnote 16}

the company provides services to no more than 100 retail clients;
the maximum exposure limit for each client is 10,000 AUD; and
the total exposure of all clients is less than 5 million AUD.

There are numerous other restrictions that regulators are able to impose for security reasons. The application of those measures is often at the discretion of the authority. Usually the number or intensity of restriction increases with number of retail clients or the focus of the firm.^{Footnote 17}

c. Timeframe of sandboxing

The testing period for participating firms is in most cases limited to either a standard duration (typically 6 to 12 months) or an individual duration, set on a case-by-case basis.^{Footnote 18} Some sandboxes though are more dynamic and not strictly limited to a specific period.^{Footnote 19} Naturally, the duration is less strictly limited in sandboxes that already have a strict functional limitation (such as limits on the number of customers or a transaction threshold).

d. Relaxation of regulatory burden

When looking at the core competence of the sandbox, namely the relief of regulatory requirements that normally need to be met, a variety of different approaches can be observed. Most authorities do not specify what exact requirements may be waived and which may not. Albeit varying in detail, almost all have in common that they aim at reducing unnecessary and inappropriate regulatory burdens, with a special emphasis on unnecessary.^{Footnote 20} It is true that certain rules can be deemed unnecessary where a specific (formal) requirement is not met by the firm, but its underlying purpose is, or where a risk to be addressed by a rule does not exist with the firm. Some even go one step further and determine on a case-by-case basis the most appropriate and effective form of regulation given the specific risk of the entity.^{Footnote 21} Instruments for achieving that purpose are for instance “No enforcement action letters”, waivers or modifications, alternative interpretation of rules and – no less important – individual guidance. Also some sandboxes, including the Dutch and the UK versions, offer restricted licences for unregulated firms.

Particular considerations apply in the EU context. As opposed to fully sovereign jurisdictions,^{Footnote 22} EU Member States are limited in their ability to waive regulatory requirements, since many elements of the legal framework stem from the EU level and may not be changed at Member State level.^{Footnote 23} Put differently, EU legislation restricts the flexibility of national supervisors and sandboxes in that the national level is not allowed to waive rules stemming from EU legislation.

In that regard, the Dutch AFM and DNB outline a hierarchy for the possible scope of a sandbox.^{Footnote 24} They state that supervisors have most room for sandboxing in terms of their own policies, followed by policies set by the European Supervisory Authorities (ESAs) and national legislation. In terms of EU law, the supervisors’ possibilities are most restricted, only being able to offer tailored options where EU legislation explicitly provides scope to do so.^{Footnote 25} These limitations may explain why certain sandboxes in the EU, such as the Danish one, seem to focus on the clarification of rules and licencing requirements.^{Footnote 26} Other national regulators (not operating sandboxes) even claim to not be authorised to promote individual treatment at all.^{Footnote 27} In those cases, preceding actions by the legislature would be necessary to pave the way for a regulatory sandbox.

e. Exit

In most sandboxes, participants must provide an “exit strategy” as part of their application. The purpose of this requirement is to minimise the potential detriment to participating consumers, and it can therefore be partly understood as an investor protection device. Another aspect regarding the exit from the sandbox is that there are typically specific grounds on which the regulator may remove the privilege, and hence withdraw a firm from the sandbox.^{Footnote 28} Reasons for such an exit may be non-compliance with rules and misconduct or simply the non-achievement of the sandbox’s purpose.

What we can observe from the discussion above is that there is a common ground with regard to the underlying principles of sandboxes across all jurisdictions, while the specific implementation varies. Since the sandboxing phenomenon is still in its infancy, there is not yet much data on the efficacy of the different varying approaches. Therefore, to date, it is not feasible to properly evaluate the effects of each respective design and – on that ground – prefer one approach over another. Against this backdrop, a diversity of approaches should be highly appreciated, as the best way to find the most appropriate approach is still through experimentation.

3. General benefits of a regulatory sandbox

The first and probably most apparent benefit of a sandbox is the reduced time-to-market-cycle, lowering the corresponding market barrier: in tightly regulated areas like the financial sector, firms must meet a list of propositions to conduct their business. This prolongs the development phase, while conversely delaying the start of the business, from which point investments that were undertaken during the development phase can be amortised. Besides, high regulatory market barriers are a common incentive for arbitrage activities in order to circumvent the overwhelming requirements. Discovering and sanctioning those activities is laborious and resource-intensive.

A regulatory sandbox can address these problems: it reduces the time-to-market-cycle by reducing the regulatory burden and uncertainty within a safe space for innovation. Firms can, therefore, usually determine whether their new product is worth being put on the regular market, or not. Also, reducing the time-to-market-cycle mitigates the risk for firms that their (innovative) business model might be copied by a competitor with deeper pockets during a long authorisation process.

The second and maybe even more important benefit of a regulatory sandbox is the implementation of an “institutionalised” dialogue between the regulator and firms. This dialogue enhances a mutual learning process that strongly benefits both regulators and regulated firms.^{Footnote 29} The sandbox provides a platform, on which regulators and innovators naturally engage with each other. Whenever new, potentially disruptive, technologies emerge on the market, the authorities need to assess the risks as soon as possible and decide whether the incumbent rules are suited to those risks or may rather be an unnecessary burden. In order to fulfil that task properly, collecting reliable data is of crucial importance.^{Footnote 30} In this regard, digitalisation has huge potential, as almost every part of the respective process is automatically being saved in the provider’s system. This, in connection with advancements in technology and computing power, even renders “real-time” supervision possible. A regulatory sandbox would be a good platform on which to test and establish such systems. Ideally, in this way risks could be identified and addressed at a very early stage, as opposed to making hasty decisions after a risk materialised.^{Footnote 31} New firms, on the other hand, benefit from the dialogue by receiving support from regulators in complying with the rules, and potentially more proportional and tailored rule-interpretation.

Adding the instruments of the sandbox to that dialogue, the sandbox is able to reduce a large portion of regulatory uncertainty that is often prevalent among providers of new technology. More than that, within the sandbox, the regulator provides clear, suitable and appropriate (and eased) regulatory requirements for the firms, which might not only eliminate constraints for firms, but even encourage them to experiment within that (normally) legally uncertain “grey zone”.

Reducing the above-mentioned market barriers therefore holds the promise of fuelling innovation by incentivising experimentation with new technologies. This incentive becomes even stronger when one considers the positive signalling effect a sandbox creates through communicating regulatory flexibility and open-mindedness towards new technologies and innovative firms. This effect can already be observed in the UK: the FCA sandbox has been credited with contributing to London becoming the foremost fintech hub in the world.^{Footnote 32} Strengthening innovative forces can ultimately lead to more competition and put pressure on incumbents, which may be especially desirable in highly-concentrated industries.

Zetzsche and others furthermore point out the positive external effects that regulatory sandboxes could entail.^{Footnote 33} First, they could incentivise incumbent firms to accelerate their digitalisation process. Secondly, they may even boost regulatory competition among jurisdictions as to which one is to become the pre-eminent fintech hub.^{Footnote 34}

4. A sandbox for financial technology

Having explored the benefits of a regulatory sandbox in general, we now proceed to explore why such a tool would provide a good complement to EU financial regulation, more specifically to the regulation of financial technology. A regulatory sandbox would help both regulators and innovators and would thus ultimately be an important step towards a more flexible and sound regulatory ecosystem.

As shown by numerous contributions from academia, as well as public authorities, one major issue in the context of the regulation of fintech is regulatory uncertainty.^{Footnote 35} This relates to both the sheer magnitude of regulations that new start-ups in the financial sector have to navigate in order to be licensed, and also to many ambiguous categorisations in the law that make it extremely difficult and costly to successfully complete the regulatory journey.^{Footnote 36} One obvious reason is that those laws were written at a time when most of the presently rising fintech applications did not exist. As a result, several innovative fintechs are hard to fit into those categories, or rules conflict with the digital setting of their services. Moreover, as opposed to previous innovations in finance, some fintechs have the potential to prompt structural changes in the financial landscape and, to a certain degree, this process has already begun. Consequently, regulators need to assess what kind of risks this involves and – in a second step – whether those risks can be properly handled by the existing framework. Until this process is completed, new fintech applications often find themselves in a regulatory “grey zone”, marked by great uncertainty on both sides, that of regulators and of the respective fintech firm. From a regulatory perspective, this implies potential risks for consumers of a macroprudential nature. For fintechs and potential innovators, as well as investors, uncertainty constitutes a huge market barrier, ultimately preventing innovation from happening (in the EU). In the following we will show how a regulatory sandbox addresses the majority of those problems, while avoiding premature changes in “hard law” regulation. As we will see, many problems are directly addressed through the sandbox; for some, however, a ready solution is not immediately at hand. Nevertheless, they may be addressed in an indirect way, since the established dialogue and the corresponding learning-process build up the grounds for adequately addressing those problems in the future.

a. How a sandbox benefits fintechs

The most prevalent market barrier that has been identified by commentators and fintech firms themselves appears to be regulatory uncertainty.^{Footnote 37} This uncertainty is mainly a result of unfitting categories within the law, or rules that are not technology-neutral. In related work, we illustrate this uncertainty in the case of robo advisors applying MiFID obligations on investment advice to their automated service.^{Footnote 38} Given that small start-up firms typically lack sufficient regulatory expertise, this uncertainty turns into a major problem and constitutes a huge market barrier for fintechs and potential innovators. Reducing this uncertainty hence appears to be one of the regulatory sandbox’s key attractions.

Before beginning to test in the sandbox, each participant is provided with the exact rules of the game and precise instructions, leaving no room for uncertainty. Within the sandbox, regulators may help firms to navigate through the EU legislative framework which compensates for the participants’ lack of expertise. The “Lessons Learned” Report, published by the FCA in October 2017, indicates that the British sandbox successfully met those objectives – based on feedback from former sandbox participants as well as the fact that a vast majority of participants continued towards a wider market launch following the test phase.^{Footnote 39} Even after exiting the sandbox, the preserved dialogue and the presumably good relationship between regulator and regulatee make it straightforward for fintechs to seek clarification when encountering any problems with applying legal rules (such as KYC or AML requirements or issues with data protection and cybersecurity). Under the operation of a sandbox, both can identify rules that may be at odds with the specific service provided by the firm. Together, different approaches to those propositions can be tested with a view to identifying the most effective and also most cost-efficient way of complying.

Secondly, sandboxes would reduce the time-to-market cycle by smoothing the authorisation process. Under the current framework, most fintechs have to go through a heavily time-consuming and costly authorisation process. However, the barrier to become part of a sandbox is significantly lower. Firms are typically able to enter the sandbox with a restricted licence that is more suited to their particular service and consequently much easier to obtain. Additionally, the strong support by the competent authority makes identifying and complying with respective rules much faster and more cost-efficient. After successfully exiting the sandbox, firms should be able to benefit from the knowledge they gained from the dialogue with the authority, such that they are better equipped to face the (full) authorisation process. Effectively, the sandbox would significantly smooth the entrance for small firms to the financial market.

Thirdly, an early close supervision ensures safety for consumers. The sooner regulators engage with a certain innovation, the better they are able to identify and address risks for consumers and the system as a whole. Also, fintechs get the opportunity to adapt their service in accordance with the concerns of regulators at a stage where the costs of adaptation are still reasonable. Early on, sound supervision in combination with transparency and enhanced communication with all market participants are further able to create trust and mitigate scepticism towards some digital-based financial services.^{Footnote 40} This also makes technology firms potentially more attractive to investors, who can – as a result of the sandbox – also more accurately assess the risk of their investment.^{Footnote 41} In sum, a sandbox could help consumers to better assess the quality and characteristics of a fintech application, while enabling investors to more efficiently allocate their investments. Done properly, this creates trust in the market and thereby contributes to the functioning of the system as a whole. In its “Lessons Learned” Report, the FCA states that testing in the sandbox has helped facilitate access to finance for participants.^{Footnote 42}

b. How a sandbox helps regulators

As numerous publications show, there are – especially macroprudential – risks that accompany the emergence of financial technology.^{Footnote 43} Although most of them are not yet acute, when looking at the dissemination and growth of fintech, they have to be taken seriously. To date, the lack of (good) data makes it hard for regulators to properly assess those risks.^{Footnote 44} Simultaneously there is the unpredictable development of AI and machine learning.^{Footnote 45} In those regards, a regulatory sandbox entails great opportunities. Testing all different kinds of innovative fintech applications in a safe space makes it possible to collect a huge amount of data. Due to the all-digital-functioning of the participants, every action and every outcome can be preserved in the system of the regulator. Looking at the prevailing risks, data is and will even more be the most valuable and essential resource for regulators. They should, therefore, seize the opportunity and find ways to make use of the (potential) multitude of data as soon as possible, for instance with the help of Regulatory Technology (“RegTech”)^{Footnote 46} or Supervisory Technology (“SupTech”).^{Footnote 47} The same technologies that are harnessed by fintech firms could also be used to improve supervisory efficiency. For example, DLT-based reporting systems could potentially allow supervisors to monitor actions of market participants in real-time.^{Footnote 48} The sandbox provides the perfect platform for collecting data in any kind of fashion. Survey and empirical research could, for example, be supplemented by interviews and consultations with employees of fintechs, not only with regard to compliance, but also to technical issues or the business model. Agencies could also take that opportunity to simulate different market scenarios within the sandbox and assess the reaction of algorithm-based fintechs. Here the predictability of all-digital, algorithm-based services (as opposed to individual human reactions) can be of great benefit. With regard to structural changes and future developments in the financial market, the sandbox’s key characteristic is its flexibility and early-on engagement. This allows regulators to more quickly identify important trends and corresponding risks, and which the sandbox provides the necessary flexibility to react to.

However, it seems that regulators struggle not only with the assessment of (future) risks and corresponding questions of appropriate legal design, but also when applying the existing legal rules.^{Footnote 49} In this context, the enhanced knowledge about sandboxed technologies, facilitated by the institutionalised dialogue, should be able to establish some certainty in applying the current legal framework. In the end, removing uncertainty on the side of the regulator is a necessary first step for addressing regulatory uncertainty among sandboxed firms.

c. How sandboxes benefit consumers and contribute to their protection

As the sandbox framework enables firms to manage regulatory risks during the testing stage, more innovative products can potentially be introduced to the market. Those products have, among other things, the potential to be cheaper, more efficient and more convenient for consumers. Obviously, an authority that is more experienced in risk assessment and better at addressing new risks (as described above) is also in the interest of investors. In the current situation, the regulatory framework can be under-inclusive, putting consumers at risk when using innovative (unchecked) services.^{Footnote 50} By providing tailored regulatory treatment, a regulatory sandbox could fill those gaps and give consumers the opportunity to make use of innovative new services, without the risks of detriment that could otherwise occur. Hence, the benefits that we identified for the regulator are likewise beneficial for consumers in the long run.

Conversely, this “consumer benefit” also displays an upside for fintechs: ensuring consumer protection by adequate, prudently developed regulation creates trust in new technologies, consequently stimulating demand for those products. Higher demand on the other hand fuels innovation, which is again in the consumer interest.

d. How a sandbox can support financial stability

Financial markets are frequently highly concentrated and lack competitive pressure from new entrants. Apparently, high market barriers are one major reason for this. Recent years have seen regulators around the globe placing an increased focus on competition and innovation objectives. The emergence of regulatory sandboxes can partly be seen as a consequence of that development. By lowering barriers to entry, creating trust in new financial products and making new firms more attractive for potential investors, the sandbox fosters competition in the respective market.

Despite the issue of whether this will actually lead to more diversity in the sector, positive effects of competitive pressure from new entrants can in fact already be observed through incumbent financial institutions setting up innovation labs and putting resources into digitalisation in order to defend their share in the respective market.

Finally, a sandbox will help regulators to deal with rising threats for financial stability, such as side effects of AI and machine learning (see above). It is highly recommended to keep pace with those issues, starting at the very beginning of their development, otherwise it might be impossible to come back on track.

Having applied the benefits of a regulatory sandbox to the case of fintech, we can observe that many benefits and interests are often highly correlated. For example, the dialogue between firms and regulators will not only promote innovation on the side of firms (by making it easier for them to comply with applicable regulation), but will also improve regulators’ understanding of new technologies, contributing to consumer protection and financial stability. Not less, it can strengthen the trust of the consumer towards those technologies. Also, fuelling innovation on the one hand benefits consumers by providing better or cheaper products, while on the other hand has the potential to facilitate competition, which may positively contribute to financial stability.^{Footnote 51}

5. Advantages over a change of the regulatory framework

The advantages of implementing a regulatory sandbox compared to directly adjusting the regulatory framework to a specific emerging fintech application are numerous. In regular circumstances, the regulator or legislature needs to assess risks on the market. Without a learning platform like the sandbox, this process usually takes a significant amount of time. By the time the findings of this process reach the legislative stage, the stakes are usually high, or risks are already on the verge of materialising. Subsequently, under pressure a proper and (hard) law-worthy solution has to be found. In the past, this frequently resulted in overly hasty adjustments of the legal regime that were inappropriate and poorly designed. Also, in particular in the EU the traditional law-making process is immensely time consuming since most new EU instruments have to be transposed into domestic law^{Footnote 52} or supported by delegated (secondary) EU acts. Given the urgency of regulatory action that is typically prevailing at this stage, this procedure seems largely inefficient.

To follow a precautionary approach^{Footnote 53} is not recommended either. Regulating or even prohibiting certain types of fintech, before having gathered reliable data on it, is likely to heavily impede innovation in the financial sector, lose creative entrepreneurs to other jurisdictions and ultimately slow down economic growth.^{Footnote 54}

Also, a new phenomenon may be volatile, which cannot be judged at the time of its appearance. That could mean once the regulation has changed, the phenomenon has already disappeared. The development of a large share of fintech services, arguably of fintech as a whole, is still at an early stage, when it is too soon to decide whether legislative adjustments are necessary. The responses to the Commission’s consultation underpin this view, as there are a broad variety of opinions on the necessity of legislative action.^{Footnote 55}

Against this background, a regulatory sandbox is a reasonable compromise. It does not take any premature regulatory actions, while speeding up the process of assessing the risks of new technologies and creating necessary capacities for prospective actions. After some time of testing the new fintech inside the sandbox, the regulator would be in a better position to adjust respective regulations, if necessary.

6. Downsides and preliminary conclusion

Of course, a sandbox for fintechs is no panacea. Like every concept, it has its limits: it offers no solution to some of the threats fintech brings, for instance the problem of cyber risk. Also, for some of the prevailing problems and risks discussed above it may only offer an indirect cure (if a cure at all), as the real solution is expected to result from the knowledge that has been developed with the help of the sandbox.^{Footnote 56} Even more fundamental scepticism can be observed at some national authorities, above all the German Financial Supervisory Authority BaFin.^{Footnote 57} Arguments put forward are that a sandbox would not be covered by their mandate^{Footnote 58} as well as level-playing-field concerns. BaFin for instance keeps on putting a strong emphasis on the old principle “same business, same risks, same rules”.^{Footnote 59} Apart from that, there are some obstacles that depend on implementation. Sandboxing may be resource-intensive, thus costly. For jurisdictions with no well-equipped and financially strong regulators, this poses a problem. In this regard some commentators assert that due to the lack of expertise, those regulators may either make promises of liberal treatment that they cannot live up to, or they may tend to allow unacceptable levels of risk.^{Footnote 60} Correspondingly, some sandboxes are – not least because of their own marketing efforts – suspected of being deregulation through the backdoor.^{Footnote 61} Additionally, the capacity in regard of participants (and correspondingly its effect) is strongly dependent on the resources put into the sandbox project. Engaging with fintechs on a case-by-case basis, as it is the case in the FCA and many other sandboxes, imposes a natural limit on the sandboxes scalability,^{Footnote 62} as typically every participant is allocated to an individual agent within the authority.^{Footnote 63}

Also, as mentioned before, one objective of regulatory sandboxes is enhancing innovation and competition. This objective may be thwarted if incumbent (“too-big-to-fail”) institutions are the ones to benefit most from its implementation. Even when excluded from the sandbox, this scenario may occur if those institutions were to begin acquiring firms from the sandbox.^{Footnote 64} Indirectly, the firms that benefit from the sandbox (which is conducted at public expense) would then be the same ones whose costs of failure will be borne by the public.^{Footnote 65} With regard to the same objective, regulators should ensure that they actually provide sandbox firms with sufficient room for innovation. In its “Lessons Learned” Report, the FCA states that around one third of participants in the first sandbox cohort significantly pivoted their business model ahead of launch in the wider market.^{Footnote 66} This might be a hint that the FCA advised some more exotic concepts to adapt a more regulation friendly model.^{Footnote 67} As regulators develop preferences (within the sandbox) about specific product designs, oversight might lead to a model convergence^{Footnote 68} that potentially increases the herding risk. Another downside that has been raised by scholars^{Footnote 69} as well as (potential) sandbox participants^{Footnote 70} is the lack of transparency. Firms claim that it is not clear on which basis the regulator makes its assessment and determines who to allow to access the sandbox. In this context it may also be problematic that some criteria for entering the sandbox are in essence of a subjective nature.^{Footnote 71} This can intensify opaque practices and reduce legal certainty among (potential) participants. As a key element of regulatory sandboxing is the close relationship between the regulator and firms, regulators might be particularly prone to cognitive capture.^{Footnote 72} Staying in constant and close cooperation could lead to a rather “fintech-friendly” mind-set, only seeing the benefits, while losing sight of certain risks. Allen reasonably observes that this risk is heightened particularly by the FCA’s sandbox version, as each firm will be allocated a dedicated case officer.^{Footnote 73}

However, the sandbox phenomenon is still at a very early stage of development, and thus far from perfect. It is a positive aspect that sandbox criteria, instruments, and requirements are not set in stone and can therefore be easily adjusted by the authority.^{Footnote 74} Consequently, those aspects should not be seen as insurmountable disadvantages of the sandbox idea as a whole, but rather as issues that still need to be improved. In sum, we view a regulatory sandbox as definitely a step in the right direction, which has the potential to significantly improve the quality of the regulator’s work.

III. Specific proposal

After demonstrating the benefits a regulatory sandbox would entail for the various sides, this paper now turns to the question of what kind of implementation could be adequate and feasible in an EU context. The multi-layer EU framework for financial services is a complicated mix of legal instruments, and we mentioned earlier that some countries struggle to adopt a meaningful sandbox within this relatively rigid system.^{Footnote 75}

In this convoluted context, we see three basic options to set up a regulatory sandbox. The first option would be a genuine EU-level sandbox, designed and implemented at the EU level. In that scenario, the most adequate institution to design and oversee the sandbox would presumably be either the European Securities and Markets Authority (ESMA) or the European Commission. However, since the competence for enforcement of laws and supervision of financial markets largely rests with Member States and their national authorities, this would require a revision of the European Treaties. A second variant of an EU-based sandbox could be common EU rules that would harmonise Member States’ regulatory sandbox approaches, whilst maintaining national authorities as the pivotal point for execution and day-to-day communication. And as a third option, sandboxes could also be realised at a Member State level, and include the EU in a coordinating role. This paper proposes an implementation of the final version, since it is more feasible and best-suited to the current situation.

1. An EU-wide regulatory sandbox

Following the ongoing discussions, an EU-wide approach on regulatory sandboxing seems to be the zeitgeist.^{Footnote 76} In September 2016 Olivier Guersent, Director-General for Financial Stability, Financial Services and Capital Markets, fuelled rumours of an EU-wide sandbox by saying “we think we should dedicate a bit of thought to how we can have a sound regulatory sandbox approach in Europe that allows markets to develop, that allows innovation to flourish, that allows those companies that innovate to go across borders in the single market while being consistent with our framework”.^{Footnote 77} Further, in the European Commission’s Consultation Document on fintech, respondents, particularly from the industry side but also national authorities, expressed the need for such a measure.^{Footnote 78} However, a closer look reveals that the perceptions of an “EU-wide sandbox” among its proponents are not always homogeneous. While most of them seem to have a harmonised approach in mind,^{Footnote 79} resting the execution on Member State level, some seem to advocate for a genuine EU sandbox, also executed at the EU level.^{Footnote 80}

The strongest barrier to the concept of a genuine and centralised EU sandbox (as mentioned above) is that it appears largely unrealistic and legally difficult to implement. Such a step would require a delegation of regulatory powers from Member States to the EU, which has proven to be politically and legally challenging. For example, the Meroni doctrine sets limits to entrusting EU agencies with discretionary powers.^{Footnote 81} Even if feasible, the realisation of necessary amendments would be enormously time-consuming. Since fintech is a fast-developing and dynamic phenomenon, the prospect of a lengthy implementation on the EU level would not satisfy the need for a quick and flexible measure. An EU-based regulatory sandbox would represent a complex readjustment of the entire EU legal framework, which should only be attempted after the collection of sound analysis and data. Looking at the challenges of fintech, the focus should rather be on flexibility and collecting data and knowledge. Against this backdrop, any ultimate answer seems to be premature.

A less ambitious and more realistic approach has been proposed by, among others, the European Banking Federation (EBF) and the Banking Stakeholder Group (BSG).^{Footnote 82} These institutions recommend a harmonised framework for experimentation with harmonised tools that avoid national divergences in implementation and facilitate the establishment of a level playing field for all countries and participants, while letting the execution of this framework rest within the power of national authorities (“harmonised sandbox approach”). Comparable concepts are also favoured by a significant number of respondents to the Commission consultation. Arguments that are being put on the table most frequently are that this approach would avoid creating additional fragmentation in the single market, avoid distortion of competition between operators in the EU and prevent regulatory arbitrage and a corresponding “race to the bottom”.^{Footnote 83} However, the possibility of implementing a variety of different sandbox approaches across Member States with a dose of regulatory competition also presents potential benefits. Responses in the Consultation Document further imply the reasonable claim that different approaches cause legal uncertainty among applicants. A vast majority of respondents underline a lack of clarity when it comes to definitions, terminology and transparency.^{Footnote 84}

Although not as time-consuming as the first alternative of a genuine EU-based sandbox, the harmonised sandbox approach would still take a lot of time to be implemented. Again, the effects of different sandbox approaches have not yet been properly evaluated, which is why it is too soon to make a final decision at this stage. Just like the phenomenon of fintech, sandboxing itself is still in a phase of experimentation. And the similarities do not stop there: regulators neither possess much experience with sandboxing, nor have any robust data or certainty about its effects. Therefore – in line with the arguments in favour of a regulatory sandbox for fintechs – it seems to be more appropriate in the current situation to start a form of guided policy experimentation,^{Footnote 85} ie testing different approaches on regulatory sandboxes in order to develop the respective expertise. Also a “one-size-fits-all” model would fall short of taking into account legal as well as geopolitical differences among Member States. And, as we shall see, legal certainty and transparency can also be achieved without the harmonisation of sandbox requirements.

2. The case for a “guided sandbox” on the Member State level

The challenge is therefore to design an implementation concept that reaps the benefits of experimentation and regulatory competition, while simultaneously not losing the upsides of an EU-wide approach that primarily lie in legal certainty. For reasons that have already been described above (mainly flexibility and a speedy implementation process), we advocate for finding an option that fits within the current legal framework. To facilitate this, we propose the idea of a “guided sandbox” on the Member State level. This idea is essentially a sandbox version that is operated by the Member States, but in close interaction with the EU institutions as monitors and guardians. Those would also serve as a forum for the exchange of knowledge and experiences.^{Footnote 86} EBA has recently established a “Fintech Knowledge Hub” to provide an overarching forum that brings together competent authorities and stakeholders in a common setting to facilitate information- and experience-sharing.^{Footnote 87} Given the potential synergies, a forum for a “guided sandbox” could easily be established in a similar way and be connected to the Fintech Hub.

In its first function as a guardian, the EU could provide guidance to Member States with regard to regulatory sandboxing. Such guidance should be based on experience that national authorities have already collected, especially that of the FCA. Right now, there is little data to make use of, since there are only few European sandboxes established (some of them very recently). However, this data – in addition to the data that is available from foreign authorities – can build the ground for a preliminary sandbox body. Given the resources and expertise that are available at the EU level, various improvements can be tested. Technically, the guidance would be best executed by the ESAs within their given power, thus on the third level of EU lawmaking.^{Footnote 88} The ESAs could issue guidelines, high-level principles and recommendations that set out best practices on the implementation of a regulatory sandbox as well as basic principles that each sandbox should be built on.^{Footnote 89} These instruments could include specific recommendations about the key sandbox parameters that we discussed in Section II. In such a framework, the ESAs could propose different conceivable approaches on each parameter, for instance varying measures that may work as consumer safeguards. Consequently, national authorities could choose from such a menu, at their own discretion, which variant works best given their specific market conditions, geopolitical situation and their capabilities in terms of budget and human resources. Ideally, this should result in a toolkit that puts every domestic regulator in the position of being able to establish a sandbox that is well-tailored to their particular needs, as opposed to a one-size-fits-all version. To ensure a certain degree of transparency for potential participants, those recommendations should be made publicly available by the ESAs. This should be complemented by further informal Q&A, FAQs, reports and tailored advice to regulators. For this purpose, the ESAs should establish a central contact point for domestic regulators that offers support with specific questions regarding the set up and implementation of the sandbox or other related regulatory issues. To ensure that regulators are not overstepping the boundaries of EU law, the ESAs should, on the basis of feedback and reports by domestic regulators, make regular assessments.

The advantage of this method over a harmonised sandbox would be not only the speed of issuance, as those guidelines etc would avoid the lengthy process of regular EU legislation; they would also gain the corresponding flexibility in adjustment and therefore be more responsive to market innovation. Smaller, less well-equipped regulators would particularly benefit from the external research on sandboxing that is conducted by the ESAs and the certainty that comes with those recommendations.^{Footnote 90} This means that the process of designing a regulatory sandbox at the national level would be much less resource intensive. Consequently, those regulators would be able to concentrate their manpower in the mere implementation of any given recommendations. For more sophisticated authorities, on the other hand, this concept maintains the possibility of gaining a competitive advantage over other regulators by experimenting on other/better approaches and advertising their respective benefits. Within the close dialogue between national regulators and the ESAs, regulators would also have an opportunity to seek advice on their individual sandbox approach. If there were concerns about the consistency of a specific approach that deviated from the EU guidelines, the ESAs could provide some certainty.

Secondly, the EU would function as a coordinating forum for continuing exchange of experiences that have been made by national regulators with sandboxing, with the aim of establishing an effective feedback loop. While national regulators would report regularly to the ESAs, the ESAs would aggregate and analyse the data and in turn would be able to provide constructive feedback and recommendations for improvement. This should preferably run in an institutionalised set up with pre-defined and fast communication channels and a responsible department at the ESAs. As discussed above, the Fintech Hub already serves as a forum bringing together all relevant stakeholders. This hub could also operate as the pivotal point for exchanging experiences with the different variants of the sandbox. Apart from that, direct communication channels between Member State authorities and the ESAs should be established in order to ensure constant information flow and support in daily issues with regard to sandboxing. Given the flexibility of this concept, the iterative feedback between national regulators and the ESAs would facilitate continuing refinement and improvement of the EU guidance. The objective of this exchange would be to engage in a mutual learning process that allows the collection of more data and expertise on sandboxing in a decentralised way. As within the regulatory sandboxing itself, a cooperative relationship is one key element of this concept. Depending on the outcome of this process, the EU could subsequently engage in further steps which might be an EU-wide sandbox, an adjustment of the regulatory framework, or any other action.

In January 2019, the ESAs published a report^{Footnote 91} which makes similar proposals to those we set out here, and is therefore to be welcomed. Informed by a comparative analysis and by experiences of domestic (EU) regulators, the report sets out best practices for designing and operating regulatory sandboxes. Those best practices are intended to support Member States’ authorities with both establishing and improving sandboxes. Not less important, the ESAs identified as possible areas for further development the creation of an EU joint-initiative on cooperation and coordination between the national regulators, as well as an EU network to “bridge” sandboxes established at a Member State level. This is certainly an important and welcome step, though there is much more work to be done. First, the report’s best practices are far from being comprehensive. They rarely contain any practical advice, for instance on the resources and equipment needed to run a sandbox, which communication channels are appropriate and what systems have to be in place before initiating the project. Generally, the best practices cannot yet be considered as a toolkit that is able to put especially smaller regulators in a position to run a regulatory sandbox. At this stage, the guidance appears to be at best weak and the knowledge exchange system is not at all institutionalised, as it primarily takes place in the form of consultations and reports. Those, however, are ponderous and therefore not suited to the challenges that a rapidly changing environment entails. Rather, as described above, a robust system should be able to efficiently gather the decentralised knowledge of domestic regulators and accumulate it at a central point, where it is processed. A promising suggestion by the ESAs report in that regard is to complement the guidance with a platform for practitioners and experts to support participating authorities with firm-specific questions and the treatment of certain innovations.^{Footnote 92} Ultimately, the project takes a welcome direction, yet clearly lacks ambition and consistency.

A widespread concern that is being raised against an unharmonised approach towards regulatory sandboxes in the EU is regulatory arbitrage and a corresponding race to the bottom.^{Footnote 93} If executed properly, this concern should have very little bearing. The existing regulatory framework within the EU already entails a highly integrated regulatory standard. Likewise, the ESAs emphasise in their recent report that sandboxes are not an instrument for the disapplication of relevant EU law but only make full use of the discretion that is already provided by the legal framework.^{Footnote 94} Where appropriate regulation does not (yet) exist for a certain service, the sandbox provides a platform to address corresponding risks much faster and with a greater degree of flexibility than in the regular process. This view seems to be corroborated by the experiences of national regulators who do not identify any additional risk resulting from regulatory sandboxes or other innovation facilitators in place.^{Footnote 95} Hence, the risk of a race to the bottom is more likely to decrease rather than to increase. Quite the opposite may be true: we could expect a quality-based competition between Member States in providing the best conditions and the most innovation-friendly environment.^{Footnote 96} That is, improvements in the quality of sandboxes may not only be nurtured by the above mentioned mutual learning process, but also – and perhaps even to a higher degree – through competition between Member States. A reason for this is the dynamic and fast nature of the market. National authorities may become aware very quickly if fintechs are particularly attracted by another authority’s sandbox, and hence try to design a better version of it. Positive signals and creative input may also come from the market itself, expressing desires for certain sandbox features.

Given the existing regulatory body with its rather rigid legislative standards, one might however raise the question of how a sandbox could work within such a setting.^{Footnote 97} Since Member States are not able to grant relief of rules that are based on European legislation, possible instruments and flexibility within the sandbox are admittedly more limited than they might be for completely “independent” jurisdictions.^{Footnote 98} The Australian sandbox for instance is able to grant full relief for firms without a case-by-case review.^{Footnote 99} Firms that meet the eligibility criteria are automatically freed from any licensing requirement.^{Footnote 100} The obvious benefits of this approach are the extremely low costs of operation, making the process less resource-intensive than, for example, the FCA sandbox. Also, there is no limited number of sandbox participants. On the other hand, the requirements for relief are quite narrow, which also narrows the room for innovation. Moreover, firms applying for relief are obliged to disclose whether or not they have a regulatory licence, while also being limited in numbers of customers and assets under management. Under these circumstances, the relief granted by this limited sandbox appears to lose much of its attractiveness: firms are limited in innovation, while also not being able to operate under real market conditions. This is impressively demonstrated by the fact that in 2017–2018 only six firms have taken advantage of the Australian sandbox licensing exemption.^{Footnote 101} Furthermore, the lack of communication and individual engagement with innovation from the regulator’s side cuts the sandbox concept short of one of its key justifications, which is the mutual learning process.

Moreover, certain EU rules, as an expression of the proportionality or flexibility principle, offer a margin of discretion for the regulator.^{Footnote 102} The feasibility of regulatory sandboxing within the existing EU regulatory framework is not at least evidenced by the existing implementations (UK, Netherlands, Poland, Denmark and Lithuania).^{Footnote 103} Also, those versions are not simply copies of each other – far from it. Compared with the British FCA, the Dutch authorities take a more “principles based” approach by attempting to use the scope offered within the legal framework. Put differently, they seek to provide a regulatory solution for firms only if the underlying purposes of the respective policies, rules, and regulations are satisfied.^{Footnote 104} The FCA, meanwhile, focuses more on individual guidance and coordination with sandbox participants and offers – by way of its general power to grant licences subject to certain limitations – restricted licences to participants. Those are typically connected to the respective testing parameters.^{Footnote 105} The Polish sandbox, in contrast, seems to have set its focus on assistance in obtaining all necessary authorisations to conduct the firm’s services. To achieve this, the Polish Financial Supervision Authority (UKNF) provides comprehensive training and legal advice for the preparation of the respective licence. All of this ultimately indicates that there is some – albeit limited – scope for regulators. The limitations may be deplored but may also have positive side effects: Member States engage in a competition about best regulatory practices and the best quality advice, rather than attempting to attract firms with deregulation. Moreover, too much scope would allow for a much broader variety of regulation approaches, which could potentially cause an unhealthy level of fragmentation. While there is no data on the Dutch sandbox available yet, effects of the FCA sandbox can already be observed: a growing number of applications in each cohort, and the position of London as the world capital of fintech,^{Footnote 106} indicate a demand for the concept as well as some return on the investment.

As mentioned above, one goal of the proposed concept is to encourage especially smaller jurisdictions to engage in the process in order to lure innovative start-ups. Given the relatively large amount of resources that are needed for running a sandbox, the “credibility” of those sandboxes could become an issue.^{Footnote 107} It is obvious that small country regulators will not have resources and capacity comparable to the FCA. Nevertheless, smaller regulators also have the possibility to turn this perceived lack of resources into an advantage. As a first step of a “guided sandbox”, both the structure and implementation of the sandbox would be determined by the EU. Those regulators may then focus on the enforcement of these guidelines and recommendations. To boost the quality of their sandbox, regulators in smaller Member States may consider not overloading themselves with a large number of participants, but rather start with accepting just a few, while making sure they provide a decent service. Also, they could avoid (direct) competition with stronger regulators by engaging in specialisation. Some sandbox features may be particularly suitable for a specific fintech application. Identifying, designing and emphasising those features could make them more appealing for the respective type of fintech compared to a more general sandbox.^{Footnote 108} Hence, the disadvantage in the total amount of resources could be compensated by pooling them. Ultimately, this concept provides potential to make ground on the US fintech market, as there is no such programme running to date. Even though the US Treasury, in a recent report, strongly endorsed the creation of a federal US sandbox,^{Footnote 109} the chances of its actual realisation are rather slim. Due to the fragmentation inherent in the US financial supervisory system and overlapping competences of authorities, implementing a regulatory sandbox on the federal level constitutes a profoundly complex endeavour.^{Footnote 110}

3. Follow-up regulatory trajectory^{Footnote 111}

We saw above that a regulatory sandbox constitutes only the basis of an adequate regulation of fintech. At the present time it is a sound regulatory instrument, whose primary benefit lies in facilitating knowledge exchange, collecting information and reducing uncertainty. However, it does not offer a sustainable cure for flaws that are incorporated in the EU legal framework. Also, the value of the learning process is limited, since some risks only emerge as the phenomenon matures and the respective service or product reaches a certain scale, that is, long after the respective advisor has exited the sandbox.

As previously mentioned, one of the regulatory sandbox’s key objectives is to lower barriers to enter the market for small firms. However, that alone may not be enough. In the following, we will argue that, after having facilitated market entry, regulation should stick to this underlying idea. That is, it should continue to reconsider (unreasonable) barriers to scaling up that exist within the (regular) market. In this regard, it is important to note that this should not be understood as an unconditional support of fintechs or an intervention in the selection process of the market. Most certainly, plenty of barriers and regulatory obstacles have their justification, also with regard to small fintechs. Hence, only those barriers are to be addressed that constitute an inadequate obstacle. Moreover, common rules of competitive markets are preserved, while a sufficient level of consumer protection must be ensured at all times. For these reasons, the follow-up regulation after the sandbox phase should follow a regulatory “trajectory” that proceeds in line with the size and risk-level of the respective fintech. This trajectory should consist of the following elements: first, it should maintain the same close dialogue with the firms that has been established during the sandbox phase in order to collect more valuable information about the new service offered by the fintech. Secondly, it should mitigate unnecessary barriers that appear at each stage of its growth, while ensuring consumer protection and monitoring risks for financial stability at all times. Thirdly, we recommend enhanced cooperation of regulators around the globe, facilitating simplified access for fintechs to new markets. Ensuring those elements would once more boost the attractiveness of the EU market as a hub for fintech startups.

IV. Conclusion

This paper has explored the challenge of regulating financial technology against the double uncertainty of having to square the facilitation of innovation with securing against any risk, both for investors and market stability.

At this stage, the existing EU regulatory framework is of little help. It does not adequately address these concerns, and neither does it support the development of new financial technologies. Instead, this paper proposes a regulatory “sandbox” – an experimentation space – as a step towards a regulatory environment where such new business models can thrive. A sandbox would allow market participants to test automated services in the real market, with real consumers, but under the close scrutiny of the supervisor. The benefit of such an approach is that it fuels the development of new business practices and reduces the “time to market” cycle of financial innovation while simultaneously safeguarding consumer protection. At the same time, a sandbox allows for mutual learning in a technical field which is sometimes poorly understood, both for firms and for the market authority. This would help to reduce the prevalent regulatory uncertainty for all market participants.

In the particular EU legal framework, with various layers of legal instruments, the implementation of such a sandbox is not straightforward. In this paper, we propose a “guided sandbox”, operated by the EU Member States, but with endorsement, support, and monitoring by EU institutions. This innovative approach would be somewhat uncharted territory for the EU, and would therefore also contribute to the future development of EU financial market governance as a whole.

Footnotes

We are grateful for feedback and comments from Luca Enriques, Matthias Lehmann, Alessio Pacces, Jatine Patel, as well as workshop participants at the University of Bonn, the Law & Finance workshop at the University of Oxford, the NTU/UHH/Kyoto workshop in Taiwan, the AGCOM & EJLE workshop in Rome, the European Law & Economics conference in Milan, and a workshop at the Warsaw School of Economics.

References

1 For a description of a sandbox in programming, see for example C Hoffmann, “Sandboxes Explained: How They’re Already Protecting You and How To Sandbox Any Program” (2 August 2013) <www.howtogeek.com/169139/sandboxes-explained-how-theyre-already-protecting-you-and-how-to-sandbox-any-program/> accessed 24 January 2020.

2 For more information, see EMA, “Regulatory Sandbox” <www.ema.gov.sg/sandbox.aspx> accessed 24 January 2020.

3 That is, a drug is being tested on a limited and specified group of patients to evaluate its effect before becoming authorised for the market.

4 The same definition is used by European Banking Authority (EBA) in EBA, “Discussion Paper on EBA’s approach to financial technology (FinTech)” (EBA/DP/2017/02, 4 August 2017), <eba.europa.eu/sites/default/documents/files/documents/10180/1919160/7a1b9cda-10ad-4315-91ce-d798230ebd84/EBADiscussionPaperonFintech(EBA-DP-2017-02).pdf?retry=1> accessed 24 January 2020.

5 See FCA, “Regulatory Sandbox” <www.fca.org.uk/firms/regulatory-sandbox> accessed 24 January 2020.

6 For an updated list of running sandboxes, see DFS Observatory, “Regulatory Sandboxes” <dfsobservatory.com/content/regulatory-sandboxes> accessed 24 January 2020.

7 Financial Stability Board (FSB), Financial Stability Implications from Fintech: Supervisory and Regulatory Issues that Merit Authorities’ Attention (27 June 2017) 4f <www.fsb.org/wp-content/uploads/R270617.pdf> accessed 24 January 2020.

8 The following enumeration is neither definite nor does it claim to be exhaustive. A comparable categorisation is used by Zetzsche, DA et al, “Regulating a Revolution: From Regulatory Sandboxes to Smart Regulation” (2017) 23 Fordham Journal of Corporate & Financial Law 31, at p 69 ffCrossRef Google Scholar.

9 For consumer safeguard standards of the FCA’s sandbox, see FCA, “Default standards for sandbox testing parameters” <www.fca.org.uk/publication/policy/default-standards-for-sandbox-testing-parameters.pdf> accessed 24 January 2020.

10 See FCA, “Applying to the regulatory sandbox” <www.fca.org.uk/firms/regulatory-sandbox/prepare-application> accessed 24 January 2020.

11 European Supervisory Authorities (ESAs), “Joint Report on FinTech: Regulatory sandboxes and innovation hubs” (JC 2018/74, 7 December 2018) 22 <eba.europa.eu/-/esas-publish-joint-report-on-regulatory-sandboxes-and-innovation-hubs>.

12 For a brief overview, see Zetzsche et al, supra, note 8, at p 73.

13 For example, cohort 2 of the FCA’s sandbox consisted of 24 participants, while the current fourth cohort consists of 29 firms. The Australian sandbox, however, has no limitation on participants.

14 FCA, “Default standards”, supra, note 9.

15 FCA, Regulatory Sandbox: Lessons Learned Report (October 2017) <www.fca.org.uk/publication/research-and-data/regulatory-sandbox-lessons-learned-report.pdf> accessed 24 January 2020.

16 See eg ASIC, “Testing fintech products and services without holding an AFS or credit licence”, Regulatory Guide 257 (August 2017) p 22 ff, <download.asic.gov.au/media/4420907/rg257-published-23-august-2017.pdf> accessed 24 December 2020; for further differences between the FCA and the ASIC sandbox, see eg Banking Stakeholder Group, “Regulatory Sandboxes: Proposal to the EBA” (20 July 2017) <www.eba.europa.eu/documents/10180/807776/BSG+Paper+on+Regulatory+Sandboxes_20+July+2017.pdf> accessed 24 December 2020.

17 Zetzsche et al, supra, note 8, at p 75.

18 See for instance the Sandbox in Singapore: Monetary Authority Singapore (MAS), “Fintech Regulatory Sandbox Guidelines” (November 2016) <www.mas.gov.sg/~/media/Smart%20Financial%20Centre/Sandbox/FinTech%20Regulatory%20Sandbox%20Guidelines.pdf> accessed 18 December 2019.

19 Eg the proposal for the Swiss sandbox is not limited timewise.

20 In the Australian sandbox though, under the fintech licencing exemption all requirements regarding the authorisation are waived, without a case-by-case analysis of their “unnecessity”.

21 So conducted for example by the MAS in Singapore. See MAS, “Frequently Asked Questions on Fintech Regulatory Sandbox” (16 November 2018) <www.mas.gov.sg/-/media/MAS/Smart-Financial-Centre/Sandbox/FAQs.pdf?la=en&hash=1ED7B8848A3443FB1DE810EFB28211489%20DA08409> accessed 24 January 2020.

22 For example, the Australian ASIC has the power to (fully) exempt firms from a predefined set of regulations and also has the discretion to grant relief from compliance with a rule when its applicability to the fintech industry is unclear.

23 See eg the apparent constraints of the Dutch authorities: AFM and DNB, “More Room for innovation in the financial sector” (December 2016) <www.dnb.nl/en/binaries/More%20room%20for%20innovation%20in%20the%20financial%20sector_tcm47-350715.pdf> or those of the FCA, “Regulatory Sandbox” (November 2015) <www.fca.org.uk/publication/research/regulatory-sandbox.pdf> both accessed 24 January 2020.

24 AFM and DNB, supra, note 23.

25 ibid.

26 See Danish Financial Supervisory Authority (DFSA), “FT lab” <www.dfsa.dk/Supervision/Fintech/FT-lab> accessed 24 January 2020.

27 For example Felix Hufeld, president of the German Financial Supervisory Authority BaFin in a speech at BaFin’s 2016 New Year press reception (available in German at <www.bafin.de/SharedDocs/Veroeffentlichungen/DE/Reden/re_160112_neujahrspresseempfang_p.html>).

28 See eg ASIC, supra, note 16, at p 257; AFM and DNB, supra, note 23, section 4.

29 As explicitly outlined, for example, by the DFSA with regard to its sandbox: see DFSA, supra, note 26. This particular benefit of a regulatory sandbox is also acknowledged by BIS, “Sound Practices, Implications of fintech developments for banks and bank Supervisors” (2018) Basel Committee on Banking Supervision, available at <www.bis.org/bcbs/publ/d431.pdf> accessed 18 December 2019, p 39 and the FSB, supra, note 7, p 3.

30 On the importance of collecting data in the regulatory process, see eg M Fenwick et al, “Regulation Tomorrow What Happens When Technology is Faster than the Law” (2017) 6 American University Business Law Review 561.

31 For problems on post-crises regulation see for example R Romano, “Regulating in the Dark and a Postscript Assessment of the Iron Law of Financial Regulation” (2014) 43 Hofstra Law Review 28.

32 See also Allen, H, “A US Regulatory Sandbox?” (2019) 87 George Washington Law Review 579 Google Scholar, at p 580 with further references in fn 2.

33 Zetzsche et al, supra, note 8, at p 78.

34 For desirable effects of regulatory competition, see Ringe, W-G, “Regulatory Competition in Global Financial Markets – The Case for a Special Resolution Regime” (2016) 1 Annals of Corporate Governance 175 CrossRef Google Scholar.

35 See eg G Dorfleitner and L Hornuf, The Fintech Market in Germany – Final Report for the German Finance Ministry (17 October 2016) <www.bundesfinanzministerium.de/Content/DE/Standardartikel/Themen/Internationales_Finanzmarkt/2016-11-21-Gutachten-Langfassung.pdf%3F__blob%3DpublicationFile> (in German) accessed 24 January 2020; European Financial Services Round Table (EFR), “Paper on Regulatory Sandboxes” (September 2016) <www.efr.be/documents/news/99.2.%20EFR%20paper%20on%20Regulatory%20Sandboxes%2029.09.2016.pdf> accessed 24 January 2020. An EBA Discussion Paper further shows that fintech services stay partly unregulated and that regulation strongly varies between Member States within the EU. See EBA Discussion Paper, supra, note 4. In another paper, we conduct an analysis of the regulatory situation of robo advisors in the EU, showing a prevailing regulatory uncertainty: see WG Ringe and C Ruof, “A Regulatory Sandbox for Robo Advice” (2018) EBI Working Paper no 26/2018, available at <ssrn.com/abstract=3188828>.

36 Insiders estimate that the total costs for operating a fintech until the receipt of a licence amounts to roughly €20 million. See Gelis, P, “Why Fintech Banks Will Rule The World” in Chishti, S and Barberis, J (eds), The Fintech Book: The Financial Technology Handbook for Investors, Entrepreneurs and Visionaries (Wiley 2016) p 237 Google Scholar.

37 See n 35 and accompanying sources.

38 See Ringe and Ruof, supra, note 35, at p 28 ff.

39 FCA, Lessons Learned, supra, note 15, at 2.8, 2.9. It must, however, be acknowledged that given its small scale, no robust conclusions can be derived from that.

40 As shown in our related work, there are still widespread concerns for instance towards entrusting private wealth to full-automated service: see Ringe and Ruof, supra, note 35, at p 11 ff with further references.

41 As a former participant of the FCA sandbox put it: “For us and for small companies, regulation is an important hook to sell our products”: see BBVA Communications, “I participated in a ‘regulatory sandbox’” (14 June 2017) <www.bbva.com/en/participated-regulatory-sandbox/> accessed 24 January 2020). See also S Pearse, “How the FCA’s Regulatory Sandbox scheme could help UK FinTech startups” (2 May 2016), available at <www.uktech.news/news/how-the-fcas-regulatory-sandbox-scheme-could-help-uk-fintech-startups-20160502>. Critical in that respect: J Kelly, “A ‘fintech sandbox’ might sound like a harmless idea. It’s not” Financial Times (5 December 2018).

42 See FCA, Lessons Learned, supra, note 15, para 2.9 ff. The FCA thereby provides the fact that at least 40% of firms that completed testing received investment during or following the sandbox. It is not clear, however, how many would have received investment without sandbox participation.

43 See especially FSB, supra, note 7, or FSB, FinTech and market structure in financial services: Market developments and potential financial stability implications (14 February 2019) 5, available at <www.fsb.org/wp-content/uploads/P140219.pdf> accessed 24 January 2020.

44 The necessity of data and expertise is also highlighted by the FSB, supra, note 7; regarding this problem, see also Arner, DW et al, “FinTech, RegTech and the Reconceptualization of Financial Regulation” (2017) 37 Northwestern Journal of International Law & Business 371 Google Scholar.

45 See FSB, “Artificial intelligence and machine learning in financial services” (1 November 2017) <www.fsb.org/wp-content/uploads/P011117.pdf> accessed 24 January 2020.

46 RegTech is defined by the Institute of International Finance as the use of new technologies to solve regulatory and compliance requirements more effectively and efficiently.

47 BIS, supra, note 29, at p 35.

48 ibid.

49 This is indicated by the EBA Discussion Paper, supra, note 4. For a deeper analysis of the case of robo advice, see Ringe and Ruof, supra, note 35, at p 32 ff.

50 Also inter alia indicated by the EBA Discussion Paper, supra, note 4, showing that a large number of financial technology firms are unregulated.

51 This may be by diversifying risks that are currently concentrated at systemically important financial institutions. However, competition can also put pressure on the margins of such institutions, incentivising them to engage in riskier behaviour, which can also raise stability concerns.

52 In the (common) case where EU institutions use the form of a directive.

53 In the sense of regulating a service in a restrictive way, before its risks have been identified.

54 Armour, J et al, Principles of Financial Regulation (Oxford, Oxford University Press 2016) p 51 CrossRef Google Scholar.

55 See European Commission, Detailed summary of individual responses to the “Public Consultation on Fintech: a more competitive and innovative European financial sector” (12 September 2017) 39 ff, available at <ec.europa.eu/info/sites/info/files/2017-fintech-summary-of-responses-annex_en.pdf> accessed 24 January 2020.

56 Further explained in section III.C below.

57 In his speech at the New Year press reception 2016, supra, note 27, BaFin president Felix Hufeld insisted there will be no “little buckets and spades” for fintech companies. A similar narrative was taken up by the head of the New York State Department of Financial Services, Maria Vullo, who stated that “Toddlers play in a sandbox. Adults play by the rules”, statement available at <www.dfs.ny.gov/about/statements/st1807311.htm>.

58 Apparently, in the ESAs Report, supra, note 11, some other authorities also queried the extent to which their mandates permitted the establishment of a regulatory sandbox. However, those authorities in the EU having established a sandbox refer to the common objective, such as contributing to financial stability, as a sufficient legal basis (see p 19).

59 See for example F Hufeld, “Opinion on low interest rates, digitalisation and regulation” in BaFin, “2016 Annual Report” available at <www.bafin.de/EN/PublikationenDaten/Jahresbericht/Jahresbericht2016/jahresbericht_node_en.html> accessed 24 January 2020.

60 See Zetzsche et al, supra, note 8, at p 79.

61 In this direction see Kelly, supra, note 41.

62 See also Zetzsche et al, supra, note 8, at p 46.

63 Not engaging with participants individually, but granting general reliefs imposes other problems and risks, see eg text to note 99 of this paper (there in the context of the Australian sandbox).

64 Allen, supra, note 32. This issue can, however, be more adequately addressed by competition law. For a more information on this topic, see for example van Loo, R, “Making innovation more competitive” (2018) 65 UCLA Law Review 232 Google Scholar.

65 However, excluding incumbents from the sandbox might raise level-playing-field issues. This might, on the other hand, be justified by their presumed competitive advantage in managing the regulatory framework as well as their imposed risk on the society (in case of a SIFI). For more arguments on this issue, see for instance Bromberg, L et al, “Fintech Sandboxes: Achieving a Balance between Regulation and Innovation” (2017) 28 Journal of Banking Law and Finance Practice 314, at p 323 ffGoogle Scholar.

66 FCA, Lessons Learned Report, supra, note 15, para 2.16 (on p 6).

67 For similar comments, see I Kaminska, “The FCA want to have its cake and eat it”, Financial Times (25 October 2017), available at <ftalphaville.ft.com/2017/10/25/2195224/the-fca-wants-to-have-its-cake-and-eat-it-sandbox-edition/> accessed 24 January 2020.

68 See also Baker, T and Dellaert, B, “Regulating Robo Advice across the Financial Services Industry” (2018) 103 Iowa Law Review 713 Google Scholar, at p 747.

69 Zetzsche et al, supra, note 8, at p 80.

70 See European Commission, supra, note 55, at p 52 ff.

71 Zetzsche et al, supra, note 8, at p 80.

72 See also Allen, supra, note 32, at p 635 ff, with further references. For more information on regulatory capture, see Armour et al, supra, note 54, at p 560 ff.

73 Allen, supra, note 32, at p 636. Allen also presents a possible solution for that problem on p 637.

74 For instance the FCA and the ASIC are continuously making discreet, small adjustments to the contours of their regulatory sandboxes. See FCA, supra, note 23, stating that the sandbox can be revised in light of experiences made; regarding recent adjustment of the ASIC, see Clifford Chance, “Growing the Sandbox – Australia’s enhanced Fintech Regulatory Sandbox” (7 November 2017) Clifford Chance Client Briefing <www.cliffordchance.com/content/dam/cliffordchance/briefings/2017/11/growing-the-sandbox-australias-enhanced-fintech-regulatory-sandbox.pdf> accessed 24 January 2020.

75 See above section II.B.

76 See for example European Banking Federation, “Innovate. Collaborate.Deploy. The EBF vision for banking in the Digital Single Market” (14 November 2016) <www.ebf-fbe.eu/wp-content/uploads/2016/11/EBF-vision-for-banking-in-the-Digital-Single-Market-October-2016.pdf> accessed 24 January 2020; from a policy perspective, an EU regulatory sandbox is also proposed by A Andhov, “Will FinTech become the Enabler for the Capital Market Union?”, available at <papers.ssrn.com/sol3/papers.cfm?abstract_id=3210202> accessed 24 January 2020. Within a report of the European Parliament, the Committee on the Internal Market and Consumer Protection encouraged a sandbox approach on a European level (see European Parliament, “Report on FinTech: the influence of technology on the future of the financial sector” (2016/2243(INI)) <www.europarl.europa.eu/doceo/document/A-8-2017-0176_EN.html> accessed 24 January 2020; Banking Stakeholder Group, supra, note 16; EFR, supra, note 35.

77 See corresponding interview with Law360, “EU Weighs Cross-Border Financial Regulatory Sandbox” (16 September 2016) at <www.law360.com/articles/840834/eu-weighs-cross-border-financial-regulatory-sandbox> accessed 24 January 2020.

78 See Commission Responses, supra, note 55, at p 53 ff.

79 For example Banking Federation, supra, note 76; European Banking Stakeholder Group, supra, note 16; European Financial Services Roundtable, supra, note 76; also a significant number of respondents in the Commissions Consultation Document seem to favour the harmonised approach. See also European Commission, “Fintech: a more competitive and innovative European financial sector” (Consultation Document 2017) 7 <ec.europa.eu/info/sites/info/files/2017-fintech-consultation-document_en_0.pdf> accessed 24 January 2020.

80 Some respondents in the Commission’s Consultation Document seem to favour an approach as such, see for example on p 51 or 54, supra, note 55.

81 For more information on the Meroni doctrine, see eg Moloney, N, EU Securities and Financial Markets Regulation (3 ^rd edn, Oxford University Press 2014)Google Scholar at pp 909–910 and 994 ff.

82 European Banking Federation, supra, note 76, and Banking Stakeholder Group, supra, note 16. The EBF proposal is also supported by DF Lange, “Die Regulatory Sandbox für Fintechs” in Innovatives Denken zwischen Recht und Markt (Festschrift für Hans-Peter Schwintowski, Nomos 2018).

83 See European Banking Federation, supra, note 76, and Commission Responses, supra, note 55, at p 53 ff.

84 The lack of transparency is also named as one of the major downsides of regulatory sandboxes by Zetzsche et al, supra, note 8, at p 80.

85 Fenwick et al, supra, note 30, also advocate for a form of policy experimentation on how to deal with emerging technologies. Moreover, the European Parliament Committee on the Internal Market and Consumer Protection encourages Member States to experiment with new regulatory instruments, see European Parliament, Report on FinTech, supra, note 76.

86 In its Fintech Action Plan, the European Commission supports a comparable setup for innovation hubs, see European Commission, “FinTech Action plan: For a more competitive and innovative European financial sector” (8 March 2018, COM(2018) 109 final) 9. A speech by Sabine Lautenschläger, former Member of the Executive Board of the ECB, indicates that the ECB already has specific plans for such a measure (see S Lautenschläger, “Digital na(t)ive? Fintech and the future of banking” (Frankfurt 27 March 2017) available at <www.ecb.europa.eu/press/key/date/2017/html/sp170327_1.en.html> accessed 24 January 2020).

87 See EBA, “Fintech Knowledge Hub” <eba.europa.eu/financial-innovation-and-fintech/fintech-knowledge-hub>; for further information, see EBA, The EBA’s Fintech Roadmap (15 March 2018) <www.eba.europa.eu/documents/10180/1919160/EBA+FinTech+Roadmap.pdf> p 28 ff, both accessed 24 January 2020.

88 For further information on the Lamfallussy process see Moloney, supra, note 81, at p 854 ff.

89 A concept similar to this one was also suggested by some respondents (from the industry side) in European Commission, see supra, note 55, p 53. Following that, within their Fintech Action Plan, supra, note 86, the Commission decided to present a report with best practices or regulatory sandboxes for regulatory sandboxes by Q1 2019 (see on p 9). The EBA decided to affiliate with that plan, intending to conduct further analysis on regulatory sandboxes with a view to defining common features and best practices and assessing compatibility with EU law (see EBA, supra, note 87, p 21). It plans to issue a corresponding report by the end of 2020. Creating more certainty, this will presumably be an important first step in encouraging more Member States to adopt regulatory sandboxes.

90 For instance the Hungarian market supervisor has identified substantial demand for a regulatory sandbox and is currently evaluating options of an implementation. See Magyar Nemzeti Bank, Innovation and Stability – Overview of Fintech in Hungary (Consultation Document 2017), available at <www.mnb.hu/letoltes/consultation-document.pdf> accessed 24 January 2020. At this stage, it would significantly benefit from EU guidance as proposed in this paper.

91 ESAs Report, supra, note 11.

92 ESAs Report, supra, note 11, at p 38.

93 See eg European Commission, supra, note 55, at p 50. Also, Zetzsche et al, supra, note 8, see the risk of a “race-to-the-bottom style competition”, however stating that the more likely outcomes from sandboxes will be beneficial (at p 78 ff). Allen, supra, note 32, a raises a comparable concern regarding a sandbox in the US enforced by different state agencies.

94 ESAs Report, supra, note 11, at pp 5 and 18, 20.

95 ibid, at p 34.

96 A competition of that kind requires a framework that would allow firms to “shop” for the sandbox that fits them the best, for which the EU Single Market provides a tested level playing field.

97 Certainly, some Member States might also experience problems under domestic law. Some authorities for example claim that establishing a regulatory sandbox would exceed their legal mandate (see ESAs Report, supra, note 11, at p 36). The discussion of such domestic legal issues is, however, not within the scope of this paper.

98 For example, regulators cannot allow firms that carry out a regulated financial service under EU law to start testing without a licence. See ESAs Report, supra, note 11, at pp 18, 21.

99 More specifically, the regulatory sandbox regime in Australia is comprised of both an individual licencing exemption and the (general) fintech licencing exemption (see ASIC Guide, supra, note 16). For more information on the Australian sandbox, also in comparison to the FCA sandbox, see Bromberg et al, supra, n 65, at p 320 ff.

100 ASIC Guide, supra, note 16.

101 See ASIC, Annual Report 2017–18 (2018) 89, available at <download.asic.gov.au/media/4922434/annual-report-2017-18-published-31-october-2018-section5.pdf> accessed 24 January 2020.

102 Commission Action Plan, supra, note 86, at p 9. Or – going more into detail – ESAs Report, supra, note 11, providing an example from EU banking law (see p 14 ff).

103 Certainly under the assumption that those sandboxes are in accordance with EU law. Also, more regulators in the EU intend to implement sandboxes: Spain, for example, has already presented a draft bill. See for example C Pehlivan, “Spain gives greenlight to the law creating a ‘Regulatory Sandbox’” (25 February 2019) Linklaters FintechLinks blog, available at <www.linklaters.com/de-de/insights/blogs/fintechlinks/2019/spain-gives-greenlight-to-the-law-creating-a-regulatory-sandbox> accessed 24 January 2020.

104 See AMF and DNB, supra, note 23.

105 See ESAs Report, supra, note 11, at p 26.

106 It is acknowledged that other factors also contributed to this development.

107 See Zetsche et al, supra, note 8, at p 79.

108 In a similar direction M Wechsler et al, “The State of Regulatory Sandboxes in Developing Countries” (2018) DFSO Working Paper, available at <dfsobservatory.com/sites/default/files/DFSO%20-%20The%20State%20of%20Regulatory%20Sandboxes%20in%20Developing%20Countries%20-%20PUBLIC.pdf> accessed 24 January 2020, proposing “thematic regulatory sandboxes” in developing countries that, as well as enhancing innovation and economic growth, focus on specific national policy objectives.

109 US Department of the Treasury, “A Financial System That Creates Economic Opportunities: Nonbank Financials, Fintech, and Innovation” (July 2018), available at <home.treasury.gov/sites/default/files/2018-08/A-Financial-System-that-Creates-Economic-Opportunities---Nonbank-Financials-Fintech-and-Innovation.pdf> accessed 24 January 2020.

110 For a critical discussion of the Treasury’s proposal, see Clifford Chance, “A Fintech Regulatory Sandbox: The Treasury’s Modest Proposal” (August 2018) <www.cliffordchance.com/briefings/2018/08/a_fintech_regulatorysandboxthetreasury.html> accessed 24 January 2020. Also, on specific constraints, but also possibilities regarding the implementation in the US as well as on the obstacles to a federal US sandbox, see Allen, supra, note 32. Yet, Carney, C, “Robo-Advisers and the Suitability Requirement: How They Fit in the Regulatory Framework” (2018) 2 Columbia Business Law Review 586 Google Scholar sees potential for a US sandbox, at least in view of the element of regulatory guidance and rule-clarification (see p 612 ff). See also Thomas, LG, “The Case for a Federal Regulatory Sandbox for Fintech Companies” (2018) 22 North Carolina Banking Institute Journal 257 Google Scholar advocating for a revival of the Financial Services Innovation Act of 2016, which proposed a sandbox on a federal level, but died in Congress.

111 For a more comprehensive description of a follow-up trajectory, see Ringe and Ruof, supra, note 35.

Article contents

Regulating Fintech in the EU: the Case for a Guided Sandbox

Abstract

I. Introduction

II. The case for a regulatory sandbox

1. Description and general principle

2. Concept of a regulatory sandbox

a. Entry conditions

b. Consumer protection/safeguards

c. Timeframe of sandboxing

d. Relaxation of regulatory burden

e. Exit

3. General benefits of a regulatory sandbox

4. A sandbox for financial technology

a. How a sandbox benefits fintechs

b. How a sandbox helps regulators

c. How sandboxes benefit consumers and contribute to their protection

d. How a sandbox can support financial stability

5. Advantages over a change of the regulatory framework

6. Downsides and preliminary conclusion

III. Specific proposal

1. An EU-wide regulatory sandbox

2. The case for a “guided sandbox” on the Member State level

3. Follow-up regulatory trajectory Footnote 111

IV. Conclusion

Footnotes

References

Save article to Kindle

Save article to Dropbox

Save article to Google Drive

Reply to: Submit a response

Your details

You have entered the maximum number of contributors

Conflicting interests

3. Follow-up regulatory trajectory^{Footnote 111}