The Reserve Bank of India published last week its draft guidelines on regulatory sandbox – a framework under which financial technology firms can carry out innovations and test new products without strict regulations. The central bank’s initiative to introduce a regulatory sandbox framework brings India in line with the dominant economies and is highly beneficial for the financial technology sector, which has seen a boom in India in recent times with the emergence of startups like Paytm, PhonePe etc.
A sandbox allows the testing of novel financial products, technologies and business models under appropriate safeguards. It brings down the cost of innovation and allows regulators to gain insights before deciding the approach towards regulation. Without a sandbox like environment, new entrants and innovators would be uncertain about the regulatory treatment. This could inhibit financial innovations — some of which may hold the key to greater financial inclusion in a country like India.
The Reserve Bank of India’s (RBI)’s proposed guidelines for the regulatory sandbox carries a few concerns that require careful evaluation.
Eligibility criterion: As per the published draft guidelines of the RBI, only ‘FinTech firms which meet the eligibility conditions prescribed for startups by the government are eligible’. This requirement ensures that existing players that have been incorporated or registered for more than 7 years (except for firms in the biotechnology sector – for which the requirement is 10 years), and/or have a turnover of more than Rs 25 crore in any financial year since their incorporation or registration, are automatically excluded. Such a condition is too restrictive for an efficient regulatory sandbox. The ambit of the regulatory sandbox should be wider to foster innovation.
The ambit of the regulatory sandbox should be wider to foster innovation. The draft guidelines restrict the incumbent firms to test their innovative products and processes in the regulatory sandbox environment. For example, UK’s regulatory sandbox is open to ‘authorised firms’, ‘unauthorised firms that require authorisation’ and ‘technology businesses’, and there is no restriction that qualifies only a certain category of FinTech firms to be eligible for participating in the regulatory sandbox.
Exclusion from sandbox testing: The RBI’s draft guidelines provides an indicative negative list of products/services/technology, which may be not accepted for testing. The negative list includes ‘credit registry’, ‘credit information’, ‘crypto currency/crypto assets services’, ‘trading or investing or settling in crypto assets’, ‘initial coin offerings’, ‘chain marketing services’ or ‘any product or services which have been banned by the regulator or Government of India’. The need for such an explicit negative list is unclear. In particular, especially in the Indian context, there is a need to foster innovation in credit information systems. Any innovation that may create a more innovative and cost-effective credit registry should be encouraged, given the fact that there is a need to use alternative data for credit assessment of entities that do not have a formal credit history. It is pertinent to note that the UK’s Financial Conduct Authority (FCA) also does not provide such a negative list.
Requirement for ‘satisfactory’ CIBIL Score: The draft guidelines also require a satisfactory CIBIL or equivalent credit score of the promoter(s)/director(s)/entity. The need for such restrictive requirement is unclear since there is already a separate requirement, which states that ‘the conduct of the bank account of the entity as well as its promoters/directors should be satisfactory’ along with the net worth requirement of Rs 50 lakh.
In the Indian context, many of the startups, especially technology startups, are driven by students of various educational institutions. For many of them, satisfying the ‘CIBIL or equivalent credit score’ criterion may be difficult as they may not have ever accessed formal credit. It is also unclear what a ‘satisfactory’ credit score entails since there are no details given about how this aspect is to be judged.
Excessive discretion: The RBI’s framework for the regulatory sandbox proposes a number of entry barriers that seem extremely vague and subjective. They also place onerous requirements on the directors of potential regulatory sandbox participants by ensuring that they meet the ‘fit and proper’ criteria laid out by them and have ‘satisfactory’ conduct. Even the ‘fit and proper’ criterion requires one to declare if there have been any criminal proceedings against the director that are either pending or commenced or have resulted in conviction. Contrast this with the ‘fit and proper’ guideline for directors of banks, where the details of criminal proceedings are relevant only for the last five years. The rationale behind this distinction is unclear.
While the ‘fit and proper’ criterion is at least objective to some extent, there is an additional requirement for ‘satisfactory’ conduct of promoters/directors. This brings in a great amount of subjectivity, since there is absolutely no benchmark for the ‘satisfactory’ conduct to be tested against. Adding to this vagueness are the requirements to ensure compliance with existing regulations/laws on consumer data protection and privacy, and to have adequate safeguards built in its IT systems. There is neither an overarching data protection framework in the country, nor universally accepted benchmarks for robust IT systems. It is unclear which laws and regulations are the potential participants required to comply with. This is extremely significant for the simple reason that it makes entry into the regulatory sandbox extremely subjective and subject to great regulatory discretion.
Publication of information: The RBI’s draft guidelines also state that the central bank reserves the right to publish “…any relevant information about the RS applicants on its website, including for the purpose of knowledge transfer…”. Such a blanket right for the regulator may be detrimental for the entities that are trying to establish a particular business model. If the regulator publishes sensitive business model related details on its website, it may give undue advantage to the potential competitors of the entity. So, such rights of the RBI need to be restricted only in respect to relevant and specific details. For instance, in the UK, the FCA has published the “Regulatory sandbox lessons learned report” without providing any sensitive business model-related information.
Nelson Chaudhuri is a Research Fellow at the National Institute of Public Finance and Policy (NIPFP).
Radhika Pandey is a Fellow at the National Institute of Public Finance and Policy (NIPFP).
Shivangi Tyagi is a Research Fellow at the National Institute of Public Finance and Policy (NIPFP).
The views and opinions expressed in this article are those of the authors and not of their institution.