This article was written by Tim Dolan (partner) and Charlotte Collins (professional support lawyer).
The FCA announced in a speech on 11 April 2016 that its Regulatory Sandbox - which will provide a ‘safe space’ in which businesses can test innovative products, services, business models and delivery mechanisms without immediately incurring all the normal regulatory consequences - will be open to applications from 9 May 2016. It has also published a new webpage, and two new documents on the Sandbox:
1. Default standards for Sandbox testing parameters; and
2. Sandbox eligibility criteria.
Setting up the Sandbox
The launch of the much-publicised Sandbox will be an important step for the FCA, both in terms of playing its part in supporting ambitions to make the UK a global leader in FinTech, and more generally helping to further its competition objective.
Plans for a Sandbox were announced last November, as an extension to the FCA’s “Project Innovate” – a project launched in October 2014 which seeks to help innovator businesses developing new products and services to navigate the regulatory landscape.
To date, Project Innovate has offered assistance by helping businesses to understand the regulatory framework and how it applies to them, providing assistance with the authorisation process, and making available dedicated contacts at the regulator. However, businesses still need to commit substantial resources to getting authorised and/or launching products before they can properly test consumer demand. The Sandbox is intended to build on the work of Project Innovate by lowering barriers for businesses to begin testing new products and services.
Who gets to play?
The Sandbox will be available to only a limited number of businesses at first, with the FCA planning to run two “cohorts” (i.e. intakes) each year. Therefore, its immediate impact is expected to be fairly limited. The eligibility criteria published by the FCA give a broad indication of the sorts of applicants that may be allowed into the Sandbox, but the criteria have been kept very high-level (presumably to give the FCA maximum scope to choose who it is willing to admit). The FCA emphasises that it will select firms with the best-prepared testing plans for the first cohorts, so readiness for testing will be a key factor in the selection process.
The Sandbox will be available both to existing regulated firms, and to new start-ups. Technology businesses which support authorised firms (for example, outsourced services providers) may also apply to the Sandbox.
Rather than removing authorisation requirements altogether for Sandbox firms which are not yet authorised (which the FCA did consider, but it seems consumer protection concerns won out in the end), the FCA has decided to follow a similar model as for banking applications. There will be a staged authorisation process that will enable firms to become authorised with restrictions in order to test their ideas at first. Restrictions may be lifted further down the line, once the business can satisfy the relevant criteria for full authorisation.
Therefore, although businesses will need to obtain some form of authorisation, this should in theory involve less time and lower costs as compared with the full authorisation process, making it easier for businesses to gain initial access to financial services markets.
Firms wishing to apply for admission to the Sandbox will need to complete an application form that the FCA will make available on its website from 9 May. Applicants for the first intake will need to apply by 8 July 2016, and it is expected that the application deadline for the second cohort will be in January 2017.
What are the rules?
Businesses will need to have a clear testing plan and will be limited to conducting only small scale testing in the Sandbox. The testing period is expected to be between three and six months. Appropriate customer safe-guards will need to be agreed between businesses and the FCA on a case-by-case basis in advance of testing, based around certain minimum standards.
During testing, the FCA expects that firms will generally have to report each week on agreed testing milestones, key findings and risk management.
Firms using the Sandbox should receive further support on applying the FCA’s rules - most likely in the form of individual guidance issued by the regulator. However, when considered appropriate the FCA may offer waivers of its rules (noting that it cannot offer waivers under primary legislation or EU rules unless there is a specific carve-out) or, in limited cases, "no enforcement action" letters. Whilst these measures may help firms individually, the FCA clearly is keen to keep away from issuing blanket industry-wide guidance. However, the FCA has indicated that it will look to publish findings from Sandbox testing, so there ought to be chance for FinTech businesses more widely to benefit from the lessons learned.
More places to play
The FCA’s Sandbox will be the first of its kind to be launched by a financial services regulator, although regulators in other jurisdictions, such as Australia, are not far behind (more information on FinTech in Australia and its plans for a sandbox can be found here).
The FCA has also indicated that it hopes for additional industry-led sandboxes to be developed in future.
We will wait to see how many businesses come out to play and how they fare. Whilst the FCA's obvious commitment to innovation is to be commended, it will be interesting to see how many businesses do benefit in practice and how long it takes for results to be seen, particularly if unauthorised businesses need to go through a semi-authorisation process before any testing can begin.
Clearly a key challenge for the FCA will be balancing the obvious tension between its competition objective and its consumer protection objective. The fact that the rules and scope of the Sandbox are perhaps more conservative than it was initially suggested they might be indicates that, for the time being at least, the latter objective is at the front of the FCA’s mind.