RBI’s Draft Enabling Framework for Regulatory Sandbox: A Step Forward in Innovation – CorpLexia

Court + Bench
May 16, 2019
Date of Decision
Subject matter
Type of Work
x - Original link
x - Pretty URL

Amidst much speculations in the FinTech sector, the Reserve Bank of India (“RBI”) released the Draft Enabling Framework for Regulatory Sandbox, 2019 (“Draft Framework”) on 18th April 2019 aimed at enhancing financial inclusion and innovation in the Indian financial sector, especially for FinTech start-ups. This article seeks to discuss various important clauses of the Draft Framework and examine them in light of the objectives sought to be achieved by it and thereafter, suggest some changes.

[Mansi Mishra is a student of second year B.A. LL.B. (Hons.) at the National Law Institute University, Bhopal]

About the Draft Framework

The object behind the Draft Framework is to set up Regulatory Sandbox (“RS”) in order to actively respond to and foster increasing dynamism in the FinTech sector, thus facilitating innovation in the sector. The Draft Framework defines a Regulatory Sandbox as “a tool for live testing of new products or services in a controlled/test regulatory environment for which regulators may (or may not) permit certain regulatory relaxations for the limited purpose of the testing”. All FinTech entities that satisfy the criteria for being a start-up would form the pool of eligible applicants for testing their products/services during a stipulated period which can extend to six months. The RBI has been vested with the discretion to relax, if warranted, the regulatory requirements for the entities testing their products in the RS. The Innovators and Fintechs must also meet certain stern requirements proposed under the Draft Framework.

The operation of the RS would take place through a cohort-based model, similar to that of the U.K. which has pioneered its implementation. Although RBI can exempt testing entities from meeting certain restrictive regulations, however, the Draft Framework has proposed to mandate five requirements which cannot be circumvented in any case whatsoever which are KYC requirements, customer privacy and data protection, security of transactions, security of storage and transactions of stakeholders’ payment data and statutory restrictions.

Operation of the Regulatory Sandbox

To begin with, only 10-12 entities would be accepted for the first testing process. A few cohorts would be run i.e. end-to-end sandbox process, with a limited number of entities placed in each cohort testing their products within a stipulated time. Interested FinTech start-ups would have to apply for testing their product/service. The applicant is supposed to clearly define and lay down the test scenarios and expected outcomes, appropriate boundary conditions, relevant regulatory barrier that prevents deployment of the product/service at scale, an acceptable exit and transition strategy and an existing gap in the financial ecosystem along with the proposal to address it in its application to the RBI.

After the end of the testing period, the entity would have to exit the RS after addressing any existing obligation to its customers of the financial services under such experimentation. RBI can also turn an entity out of the RS during the testing period if the entity does not achieve its intended purpose as per the averments made in the application and existing test scenarios. Upon successful experimentation and on exiting the RS, the sandbox entity would have to fully comply with the relevant regulatory requirements.

Eligible Participants and Exclusions

Only those companies which are incorporated and registered in India and satisfy the criteria for start-ups as per Government of India. The applicants would be put through a comprehensive selection process the parameters for which have been given in a detailed manner under ‘Fit and Proper criteria for selection of participants in RS’ which includes the following conditions-

  • the applicant should be a company incorporated and registered in India along with satisfying the criteria for being a start-up;
  • an interested entity should have a minimum net worth of ₹50 lakh as per its latest audited balance sheet;
  • the directors/promoters of the applicant company should be fit/proper, their behaviour should be satisfactory and a declaration should be made regarding them being fit/proper;
  • the applicant company should have satisfactory bank conduct, CIBIL or equivalent credit score of the entity along with its promoters/directors;
  • the entity should have adequate IT safeguards for data and privacy protection. RBI would, in turn, carry out the relevant checks in order to ensure end-to-end integrity of information processing by the entities concerned;
  • the applicant company must show that the proposed service/product is deployable in the broader market and also demonstrate arrangements that would ensure compliance with regulations/laws on data protection and privacy.

Excluded from the scope of RS testing are all those product/services which are not novel in addition to the indicative list provided in the Draft Framework itself. That list includes credit registry, crypto-assets, initial coin offerings, chain market services, credit information, etc.

What RBI’s Draft Framework Entails

This Framework is a welcome step in terms of boosting the creative and innovative output of FinTech ventures. The participants would get first-hand empirical evidence of customers’ response in a protected regulatory environment, thus, giving market players the chance to adapt themselves to the customers’ needs and make modifications accordingly.

Despite its merits, the Draft Framework has its own set of pitfalls. These are:

  1. In the Draft Framework, only start-ups are eligible to avail the benefit of testing their innovations in the RS. Such a provision is in variance with the objective of financial inclusion envisaged by the Draft Framework and fails to take account of the fact that other business set-ups would stand no chance of testing the innovations that they come up with under the RS.
  2. Interestingly, the Draft Framework has conferred an absolute and unconditional discretion on the RBI with respect to multiple pivotal points, for instance, the grant of exemption from regulations extension of time in RS, turning an entity out of RS, judging of success of an entity in RS and disclosure of information of entities.
  3. The Draft Framework indemnifies RBI of all the liabilities that an applicant might incur during the RS Process. An applicant would be solely responsible. This approach of outright indemnification might create problems in the Indian financial market. Liability issues arising in event of failed testing, thereby, resulting in harm to customers or other participants, which may prove to be a threat to the reputation of the regulator and trust of customers in the financial system, call for a more comprehensive address.
  4. Similarly, subjective discretion in granting regulatory relaxations might lead to a regime where some RS entities would have an upper hand over the others by way of regulatory exemptions.
  5. In addition to that, the prescribed time period for preliminary screening alone is 4 weeks, which is more than that in other jurisdiction like the U.K. and Malaysia. In Malaysia, the applicants are informed about their eligibility within 15 days of applying. Procedural delays and complexities would lead to discouragement among prospective applicants who seek to apply for RS testing.


  1. Eligibility for RS Testing should not be limited to start-ups only. In jurisdictions like Japan and Malaysia, where RSs have given an immense boost to the FinTech sector, the eligibility is not restricted to start-ups. In the U.K., for instance, all that is required is that the FinTech entity must be authorised or registered by the Financial Conduct Authority, unless certain exemptions apply. Equitable treatment in respect of regulatory relaxations calls for a uniform set of principles governing the grant of exemptions so that all the entities would be at an equal footing, leading to a fair testing procedure.
  2. There should be certain exceptions to the rule of outright indemnity of the regulator, considering the extent of discretionary powers that the RBI possesses with respect to approval of RS applications and more.
  3. Under the Draft Framework, no criteria or time period has been prescribed for the decision of extension of an entity’s term in an RS. The discretion for the same has been vested with the RBI in an unconditional manner. A clearly defined scheme of conditions should be laid down under which RBI can extend the stay of an entity in the RS upon expiration.
  4. It is suggested that the Final Framework should incorporate a mechanism for fast-track approvals, wherein the preliminary screening should be done and the result communicated to the applicants in an expedited manner rather than the 4 weeks period prescribed in the Draft Framework. Other jurisdictions, such as Singapore, are contemplating putting in place a similar mechanism in those areas which can be contained in pre-specified sandboxes in a reasonable manner.
  5. Finally, it is also suggested that the Final Framework should provide for an assistance mechanism to the applicants and entities. Successful examples of this would be Japan where the RS team provides consultation and Hong Kong where a FinTech Supervisory Chartroom has been set up to provide feedback to banks and tech firms at an early stage of experimentation.


Overall, RBI’s Draft Enabling Framework for Regulatory Sandbox looks promising and would go a long way in fostering growth and innovation in the FinTech sector which is evolving faster than ever. Customers would also be able to reap the benefits of the competition among the players leading to enhancement in quality of products/services/offerings.

Discover more: