How Regulators Respond to Fintech
Evaluating the Different Approaches—Sandboxes and Beyond
FINANCE, COMPETITIVENESS
& INNOVATION
GLOBAL PRACTICE
Fintech Note | No. 5
�© 2020 International Bank for Reconstruction and Development
The World Bank Group
1818 H Street NW Washington DC 20433
Telephone: 202-473-1000
Internet: www.worldbank.org
Disclaimer
This work is a product of the staff of The World Bank with external contributions. The findings, interpretations, and con-
clusions expressed in this work do not necessarily reflect the views of The World Bank, its Board of Executive Directors,
or the governments they represent.
The World Bank does not guarantee the accuracy of the data included in this work. The boundaries, colors, denomina-
tions, and other information shown on any map in this work do not imply any judgment on the part of The World Bank
concerning the legal status of any territory or the endorsement or acceptance of such boundaries.
Rights and Permissions
The material in this work is subject to copyright. Because the World Bank encourages dissemination of its knowledge,
this work may be reproduced, in whole or in part, for noncommercial purposes as long as full attribution to this work is
given.
Any queries on rights and licenses, including subsidiary rights, should be addressed to the Office of the Publisher, The
World Bank, 1818 H Street NW, Washington, DC 20433, USA; fax: 202-522-2422; e-mail: pubrights@worldbank.org.
Photo Credits: World Bank Photo Library and Shutterstock
�Table of Contents
Acknowledgments iii
Glossary iv
Abbreviations and Acronyms vi
Executive Summary ix
I. Introduction 1
II. Challenges in regulating Fintech 3
III. The Different Regulatory Approaches 7
Regulatory Approach 1: “Wait-and-See” 10
Regulatory Approach 2: “Test-and-Learn” 11
Regulatory Approach 3: Innovation Facilitators 14
Innovation Hubs 15
Regulatory Sandboxes 19
Regulatory Accelerators or Regtech Labs 25
Regulatory Approach 4: Regulatory Laws and Reforms 29
IV. Evaluating the Right Regulatory Approach 33
V. Guidance for Policymakers & Conclusion 37
Annex 1: Elements of the Bali Fintech Agenda 43
Annex 2: List of Innovation Facilitators 45
Endnotes 51
TABLE OF CONTENTS I
��Acknowledgments
This discussion note is a product of the Financial Inclusion, Infrastructure & Access Unit in
the World Bank Group’s Finance, Competitiveness & Innovation Global Practice.
This note was prepared by Sharmista Appaya (Senior Financial Sector Specialist & Task
Team Leader) and Helen Luskin Gradstein (Financial Sector Specialist). The paper ben-
efitted by inputs from Dorothee Delort (Senior Financial Sector Specialist) and Thervina
Mathurin-Andrew (Ministry of Finance, St Lucia), and was supported by Renuka Pai
(Analyst Consultant). Mahesh Uttamchandani and Alfonso Garcia Mora provided overall
guidance. The team is grateful for the substantive feedback received from peer review-
ers Harish Natarajan, Ana Fiorella Carvajal, Pierre-Laurent Chatain and Ivo Jenik. The
team thanks Naylor Design, Inc. for design and layout assistance.
The findings, interpretations, and conclusions expressed in the paper and case studies
are entirely those of the authors. They do not necessarily represent the views of the
World Bank Group and its affiliated organizations or those of the Executive Directors of
the World Bank or the governments they represent.
ACKNOWLEDGMENTS III
� Glossary
Alternative Credit Scoring is defined as non-traditional models of assessing credit risk using
machine learning and algorithms based on big data mining.1
Anti-money laundering and countering the financing of terrorism (AML/CFT) measures
are defined by the Financial Action Task Force (FATF), the international standard setter in this
area. The BCBS regularly issues guidance to facilitate banks’ compliance with their obligations
in this area.
Artificial Intelligence (AI) is defined as IT systems that perform functions requiring human
capabilities. AI can ask questions, discover and test hypotheses, and make decisions automati-
cally based on advanced analytics operating on extensive data sets. Machine learning (ML) is
one subcategory of AI.2
Big data designates the large volume of data that can be generated, analyzed and increas-
ingly used by digital tools and information systems. This capability is driven by the increased
availability of structured data, the ability to process unstructured data, increased data storage
capabilities and advances in computing power.
Crowdfunding is the practice of funding a project or venture by raising monetary contributions
from a large number of people. It is often performed today via internet-mediated registries
that facilitate money collection for the borrower (lending) or issuer (equity).3
Distributed ledger technology (DLT) such as blockchain are a means of recording informa-
tion through a distributed ledger, i.e. a repeated digital copy of data at multiple locations.
These technologies enable nodes in a network to securely propose, validate and record state
changes (or updates) to a synchronised ledger that is distributed across the network’s nodes.4
Fintech Ecosystem is made up of consumers, financial institutions, Fintech start-ups, investors,
regulators and educational institutions and aims to provide mutually beneficial cooperation
among stakeholders, to help deliver financial services at lower cost, higher speed and at better
quality to more consumers.5
Fintech refers to the advances in technology that have the potential to transform the pro-
vision of financial services spurring the development of new business models, applications,
processes, and products.6
Innovation Facilitator are public sector initiatives to engage with the Fintech sector, such as
Regulatory Sandboxes, Innovation Hubs and Innovation Accelerators.7
Innovation Hub/Office refers to an Innovation Facilitator set up by a supervisory agency that
provides support, advice or guidance to regulated or unregulated firms in navigating the
regulatory framework or identifying supervisory policy or legal issues and concerns. Unregu-
lated entities can engage with regulators to discuss Fintech-related issues (share information
and views etc.) and seek clarification on the conformity with the regulatory framework and/or
licensing requirements.
IV GLOSSARY
�Machine Learning (ML) is a method of designing problem-solving rules that improve auto-
matically through experience. Machine-learning algorithms give computers the ability to learn
without specifying all the knowledge a computer would need to perform the desired task, as
well as study and build algorithms that can learn from and make predictions based on data
and experience.8
New entrant refers to a prospective financial services provider that has not been authorized by
the regulator yet.
No enforcement action letters provide assurance to a firm that the regulator would not take
enforcement action against them, so long as they comply with the conditions specified in the
letter.
Peer-to-peer (P2P) lending refers to direct lending from savers to borrowers—traditionally the
platform avoids intermediation by banks but also do not bear the risk of default.9
Regtech refers to a regulatory technology or Regtech involves new technologies to help regu-
lated financial service providers streamline audit, compliance and risk management and other
back office functions to enhance productivity, and overcome regulatory challenges, such as the
risks and costs related to regulatory reporting and compliance obligations. This can also refer
to firms that offer such applications.
Regulatory Accelerator or Regtech Lab refers to a partnership arrangement between Fin-
tech providers and central banks/supervisory agencies to ‘accelerate’ growth or develop use
cases, such as suptech or regtech, which may involve funding and/or authorities’ endorsement/
approval for future use in central banking operations or in the conduct of supervisory tasks.
Regulatory exemptions or waivers exempt a firm from requiring authorization to carry out a
regulated activity or compliance with a specific requirement.
Regulatory Sandbox is a controlled, time-bound, live testing environment, which may fea-
ture regulatory forbearance and alleviation through discretions. The testing environment may
involve limits or parameters within which the firms must operate.
Restricted or temporary licenses can give a firms a license but set limitations on their autho-
rization for example, the type of service that can be provided or the number of customers that
can be served or the time validity of the license.
Suptech is the use of innovative technology by supervisory agencies to support supervision. It
is intended to help supervisory agencies to digitize (in the main) reporting and regulatory pro-
cesses, resulting in more efficient and proactive monitoring of risk and compliance at financial
institutions.10
GLOSSARY V
� Abbreviations
and Acronyms
ACPR Autorite de Controle Prudentiel, France
ADGM Abu Dhabi Global Market
AI Artificial Intelligence
AMF Autorite des Marches Financiers, France
AML Anti- Money Laundering
API Application Programming Interface
ASEAN Association of Southeast Asian Nations
ASIC Australian Securities and Investment Commission
BCBS Basel Committee for Banking Supervision
BFA Bali Fintech Agenda
BIS Bank of International Settlements
BNM Bank Negara Malaysia
BNR National Bank of Rwanda
BoE Bank of England
BOT Bank of Thailand
BSP Bangko Sentral ng Pilipinas
CBK Central Bank of Kenya
CDD Customer Due Diligence
CFPB Consumer Financial Protection Bureau
CFT Combating the Financing of Terrorism
CFTC Commodities and Futures Trading Commission
CGAP Consultative Group to Assist the Poor
CMA Capital Markets Authority (Kenya)
CNBV Comisión Nacional Bancaria y de Valores, Mexico
CPMI Committee on Payments and Market Infrastructures
DFS Digital Financial Services
DIFC Dubai International Financial Centre
DLT Distributed Ledger Technology
EC European Commission
EMDE Emerging Markets and Developing Economies
VI ACRONYMS AND ABBREVIATIONS
�EU European Union
FATF Financial Action Task Force
FCA Financial Conduct Authority
FINMA Swiss Financial Market Supervisory Authority
FSB Financial Stability Board
GDPR General Data Protection Regulation
GPFI Global Partnership for Financial Inclusion
GSMA Groupe Spéciale Mobile Association
HKMA Hong Kong Monetary Authority
IAIS International Association of Insurance Supervisors
ICO Initial Coin Offering
IDB Inter-American Development Bank
IFC International Finance Corporation
IMF International Monetary Fund
IOSCO International Organization of Securities Commissions
IRDAI Insurance Regulatory and Development Authority of India
JFSA Japan Financial Services Agency
KPMG Klynveld Peat Marwick Goerdeler
LAC Latin America and the Caribbean
MAS Monetary Authority of Singapore
MENA Middle East North Africa
MNO Mobile Network Operator
NBFI Non-Bank Financial Institution
NFIS National Financial Inclusion Strategy
NGO Non-Governmental Organization
OCC Office of Comptroller of the Currency
OIC Office of Insurance Commission (Thailand)
OJK Otoritas Jasa Keuangan (Financial Services Authority of Indonesia)
P2P Peer-to-peer
PoC Proof of Concept
ACRONYMS AND ABBREVIATIONS VII
� RBI Reserve Bank of India
Regtech Regulatory Technology
RURA Rwanda Utilities Regulatory Association
SAMA Saudi Arabia Monetary Authority
SARB South African Reserve Bank
SFC Securities and Futures Commission of Hong Kong
SME Micro, Small-, and Medium-Sized Enterprises
SSB Standard-Setting Bodies
Suptech Supervisory Technology
SWIFT Society for Worldwide Interbank Financial Telecommunications
UAE United Arab Emirates
UFA Universal Financial Access
UK United Kingdom
UNCDF United Nations Capital Development Fund
UNSGSA UN Secretary-General’s Special Advocate for Inclusive Finance for Development
USAID United States Agency for International Development
WBG World Bank Group
VIII ACRONYMS AND ABBREVIATIONS
�Executive Summary
Technology is changing the paradigm of financial services and putting pressure on finan-
cial sector authorities: pressure to adapt to innovations already advanced in their market,
and pressure to foster financial innovation so that their market doesn’t lag behind peer
countries. The past few years have demonstrated that regulations will need to evolve
to cover new activities and business models that have been brought about by financial
technology (Fintech11) as it works to disintermediate the financial services value chain and
transform the landscape as a whole.
Digital disruption however is not new, and we have long been able to summon movies,
food, cars and flowers at the touch of a button. However, the impact on the financial sec-
tor is different, primarily due to a) the knock-on macroeconomic impact it can have on
financial integrity and stability b) the challenges it poses for regulators and policymakers
due to the lack of reliable data, the unconventional business models and the potential
legal amendments that might be required and c) the bearing on consumer protection.
This makes it vitally important that as policymakers foster an enabling environment, the
appropriateness of the financial sector policy framework and the potential risks to statu-
tory objectives are monitored closely and mitigated.12
Policymakers, regulators and supervisors13 worldwide are finding themselves in a regu-
latory dilemma when trying to achieve the right balance between enabling innovative
Fintech and safeguarding the financial system.
Policy responses seen across jurisdictions to Fintech can be broadly grouped into: (i)
applying existing regulatory frameworks to new innovations and their business models,
often by focusing on the underlying economic function rather than the entity; (ii) adjusting
existing regulatory frameworks to accommodate new entrants and the re-engineering of
existing processes to allow adoption of new technologies; and (iii) creating new regula-
tory frameworks or regulations to include (or prohibit) Fintech activities. To support the
development of an appropriate legal, regulatory and supervisory framework around the
three policy responses, countries have been exploring different regulatory approaches
and initiatives designed to promote innovation and experimentation. This paper explores
those regulatory approaches in some detail.
Regulatory approaches can be applied either in combination or solely and are not mutu-
ally exclusive. We have classified them into four regulatory approach categories (a) “Wait
& See”, (b) “Test & Learn”, (c) Innovation Facilitators (including Sandboxes) and lastly
(d) Regulatory Laws and Reform. They are often adopted in areas where the regulatory
framework is either unclear or where there are gaps, or to specifically support a statutory
EXECUTIVE SUMMARY IX
� objective with the aim of implementing an enabling envi- adopted by policymakers, there is insufficient evidence to
ronment for Fintech. It is then the outcomes and lessons claim that it is the most effective. The GFS of country Fin-
distilled from the use of approaches and the associated tech experiences conducted in 2019 as part of the WBG-
regulatory tools that will help define a regulatory response IMF Bali Fintech Agenda gathered responses from nearly
for the country (i.e. regulatory reforms). a hundred countries. Of those surveyed, it was identified
that nearly thirty-three Sandboxes have been initiated
When deciding which approach or sequence of approach-
since 2016, bringing the total number of Sandboxes glob-
es to adopt in order to inform subsequent policy respons-
ally to over 6017 at last count.
es, there are a number of considerations that need to
be made by the policymaker such as the objectives they Other Innovation Facilitators, however, such as Fintech
are trying to achieve, how Fintech plays into the over- Accelerators and Innovation Hubs which have been used
arching strategy for the country, considerations of the instead of, or as a complement to, a Regulatory Sandbox
critical success factors, and importantly, the country cir- have shown promise of being more effective and suitable
cumstance. Undertaking an assessment of the landscape to business needs. Innovation Hubs or Offices in particu-
while taking into consideration the country context, is a lar are often seen as the first step along a regulatory jour-
necessary first step for all regulators prior to selecting an ney—providing support, advice, guidance and even, in
approach to Fintech. some cases, physical office space, to either regulated or
unregulated firms to help them identify opportunities for
Of the approaches described above, the Regulatory Sand-
growth, and navigate the regulatory, supervisory, policy or
box14 has been garnering substantial attention. According
legal environment. Results however, are still developing,
to the Global Fintech Survey (GFS),15,16 it was found that
and it is too early to draw a definitive conclusion on the
while the Regulatory Sandbox was a common response
outcomes.
FIGURE 1: Factors to Consider Before Evaluating a Regulatory Approach
How well established is the legal and regulatory framework?
Legal
What powers are afforded to the regulator by the mandate under which it operates?
mandate
Is it a rules-based or principles-based regulatory framework?
How competitive is the market?
Market
Number of entities excluded/underserved and MSMEs
conditions
Number and types of financial institutions
Stakeholder How many regulators oversee financial supervision?
ecosystem Coordination with technology regulators
Capacity and How much resources—both financial and human—does the
resources regulator have available?
Maturity of Maturity of the players in the market
the Fintech Relationship between incumbents and Fintechs
segment Other players such as industry accelerations, VC funds etc.
X HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�In order for Fintech to thrive a multi-dimensional approach financial sector moves on from bilateral to networked
needs to be adopted. Our experience has revealed that business models, so too must international institutions
a detailed review of existing laws and regulations, com- and domestic authorities enhance mechanisms through
bined with a defined means of communication with the which to co-innovate, share experience and coordinate
regulator (such as an innovation office to serve as point of efforts to promote an orderly adoption and integra-
contact) and in suitable cases a “test-and-learn” method- tion of innovation. The healthy development of such an
ology which could potentially result in regulatory reform ecosystem will result in mutually beneficial cooperation
has worked best. This requires an in-depth consideration of among stakeholders, and eventually, help financial ser-
regulatory framework and constantly fine-tuning it to suit vices be delivered at lower cost, higher speed and at
the changing environment and emerging business models. better quality to more consumers.
In parallel, policymakers should engage with the broader As this emerging field develops, supervisory authorities
ecosystem such as enabling infrastructure and plat- might need to be granted enough power and resources to
forms—such as interoperability and the development exercise effective, flexible and principles-based prudential
of data repositories- needed to support Fintech. With supervision. However regulatory approaches should not
a growing digital economy, the role and importance be a substitute for building effective, permanent regula-
of information and cybersecurity also increases, add- tory and legal frameworks that may eventually need to be
ing security functions to protect critical information established to create transformational change.
and infrastructure. Adaptation of policy, legal and insti-
This paper provides an overview of different regulatory
tutional contexts should be complemented by knowl-
approaches to Fintech, discusses their pros and cons
edge exchange. The interdependence of our financial
using country case studies where appropriate, while pro-
systems demand that we collectively strengthen our
viding high-level guidance and allowing policymakers to
efforts in knowledge sharing and coordination. As the
draw from lessons and learnings across the globe.
FIGURE 2: Process to Identify Regulatory Approaches and Policy Responses Towards Fintech
TIPS FOR SUCCESS
Engage early and often with the market
Get Executive
- Level Sponsorship
Gauge Preparedness to offer Regulatory Relief
Facilitate interagency coordination and collaboration
1. Define objectives
Identify KPIs
and policy priorities
Focus on principles not rules
Communication with the market
6. Implement
policy 2. Assess conditions
response and feasibility
Legal and Regulatory Framework
POLICY RESPONSES
Risks and Capacity
1. Apply existing regulatory
Maturity of FinTech Segment
framework
Market Conditions
2. Adjust existing regulatory
Stakeholder Ecosystem
framework
3. Create new regulatory 5. Measure 3. Identify
outcomes risks
framework
4. Select
regulatory
approach REGULATORY APPROACHES
Wait and See
Test and Learn
Innovation Facilitators
New Regulatory Reform
EXECUTIVE SUMMARY XI
��I INTRODUCTION
Technology enabled innovation in financial services are fast reshaping economic and
financial landscape—promising customer-centric products and services, delivered with
resilience, diversity and depth. Fintech has the potential to significantly disrupt the tra-
ditional business model of financial institutions by enhancing efficiencies, reducing costs
and expanding access to financial services. While presenting opportunities, Fintech also
presents risks at both the macro and micro levels.
Digital disruption however is not new, and we have long been able to summon movies,
food, cars and flowers at the touch of a button. However, the impact on the financial
sector is different, primarily due to a) the macroeconomic impact it can have on financial
integrity and stability, b) the challenges it poses for regulators and policymakers and the
potential legal amendments that might be required and c) the risks towards consumers.
This makes it vitally important that as policymakers foster an enabling environment,21 the
financial sector policy framework and the potential risks to statutory objectives are moni-
tored closely and mitigated.
BOX 1
Potential Impacts of Fintech on Financial Inclusion
Financial inclusion is one of critical drivers of poverty reduction and economic
growth in emerging markets and developing economies as identified by the G20.
Currently, an estimated 1.7 billion adults globally lack access to a transaction
account and are excluded from the formal financial system.18 While there have
been tremendous gains that have already been achieved in furthering inclusion,
the fast-evolving digital economy together with effective supervision—which
may be digitally enabled- are essential to cross some of the remaining hurdles in
achieving financial inclusion.19,20 New technology-enabled financial services such
as peer-to-peer (P2P) lending, crowdfunding, alternative credit scoring, and new
forms of savings, remittances and insurance, if properly regulated, can extend
the benefits of financial inclusion to millions of unbanked and underbanked peo-
ple around the world.
INTRODUCTION 1
� This has led to financial sector policymakers, regulators The report introduces a range of regulatory responses
and supervisors22 worldwide finding themselves in a reg- that have been used by regulators thus far to engage with
ulatory dilemma when trying to achieve the right balance Fintech and provides guidance for policymakers to under-
between enabling innovative Fintech and safeguarding stand the benefits and limitations of each, while taking
the financial system. Regulators are facing many impedi- into context the determinants for their relative appropri-
ments to striking this balance, and effectively supervising ateness within jurisdictions. While some Fintech activities
and regulating emerging innovations remains a challenge. can often be covered within existing regulatory frame-
According to the Regulating Alternative Finance23 report, works, the majority of jurisdictions are taking or planning
which surveyed 111 jurisdictions, the top four reported to take additional regulatory measures to respond to
impediments to effectively supervising emerging innova- emerging Fintech services, the scope and scale of which
tion include (i) limited technical expertise (65 percent); (ii) vary substantially including new laws, Innovation Offices,
limited funding / resources (48 percent); (iii) jurisdiction Regulatory Sandboxes and even reskilling to respond to
over the activity is unclear or limited (41 percent); and (iv) transforming environment.25
need to coordinate the activities of multiple regulators
The various approaches to innovation seen globally have
(38 percent).
been collated into four main categories. The paper offers
To this end, in response to requests from policymakers particular focus on the roles of Innovation Facilitators (a
keen to foster Fintech’s potential benefits and to miti- collective term for Regulatory Sandboxes, Regulatory
gate its possible risks, the WBG and IMF in collaboration Accelerators and Innovation Offices) as novel and preva-
developed the “Bali Fintech Agenda” (BFA). As individ- lent concepts. However, it is important to note that there
ual countries formulate their policy approaches, the BFA is no one size that fits all. Assessment against several cri-
brings together and advances key issues for policymak- teria including the maturity of the sector, gaps in service
ers and the international community to consider. It distills offerings, robustness of the regulatory framework, trust in
these considerations into 4 key objectives: the system, among other considerations, are required in
order to effectively gauge the relative appropriateness of
• Objective 1: Foster enabling environment to harness
each approach within different jurisdictions.
opportunities
This paper is structured to describe the different chal-
• Objective 2: Strengthen financial sector policy frame-
lenges facing regulators given the rise of Fintech innova-
work
tions in Section II and the various regulatory approaches
• Objective 3: Address potential risks and improve resil- being taken as a response to emerging innovations in
ience Section III. Sections III also expands on each of the regu-
latory approaches in turn, and Section IV and V provides
• Objective 4: Promote international collaboration
guiding considerations to support policymakers evaluat-
Each of these objectives are further divided into 12 ele- ing an appropriate regulatory approach for their jurisdic-
ments arising from the experiences of member countries24 tion. Also included are results from the Global Fintech
(See Annex 1). The paper expands specifically on the BFA Survey conducted as part of the Bali Fintech Agenda on
Elements VI (Adapt Regulatory Framework and Supervi- the approaches taken by jurisdictions and the WBG-CGAP
sory Practices for Orderly Development and Stability of global survey on lessons learnt from existing Sandboxes
the Financial System) and VII (Modernize Legal Frame- experiences. Where possible, the paper includes country
works to Provide an Enabling Legal Landscape) as they examples as case studies, these are meant to be for illus-
relate to adaptation of Regulatory Framework, Supervi- trative purposes only and are not displayed as examples
sory Practices and Legal Frameworks. of best practice.
2 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
� CHALLENGES IN
II REGULATING
FINTECH
There has been an increasing number of non-bank financial institutions that have come
into existence since 2008, and innovation will continue to accelerate. Although there are
numerous benefits that Fintech brings, policymakers need to also be cognizant of the
risks to consumers and, more broadly to financial stability and the challenges that regula-
tors face in regulating this, as yet, unfamiliar territory.
As the financial system adapts, concerns arise regarding a range of issues, including:
consumer and investor protection; the clarity and consistency of regulatory and legal
frameworks, and the potential for regulatory arbitrage and contagion; the adequacy of
existing financial safety nets, including lender-of-last-resort functions of central banks;
and potential threats to financial integrity. Moreover, the adoption of Fintech may pose
transition challenges, and policy vigilance will be needed to make economies resilient
and inclusive, so as to capture the full benefits of this emerging trend.
This brings a number of challenges for regulators. One of the most prominent challenges
of regulating Fintech is that it blurs international borders and creates borderless plat-
forms. Providers can offer services globally, causing complex transaction monitoring for
public authorities. This issue is exacerbated as some of the players are outside the scope
of regulation and regulation is not harmonized across borders highlighting the need
for international co-operation. These include services such as crypto-exchanges, peer-to-
peer lenders and those offered by Big Tech players—like Google, Amazon, Facebook and
Apple that are entering the realm of financial services.
Another important issue that regulators have had to deal with is the increased disin-
termediation of the value-chain and the bypassing of traditional intermediaries. This is
further complicated by bringing different sectors from finance and technology together
with to telecommunications and infrastructure to compete and collaborate as they pro-
vide services. Often sectors fall under the mandate of different regulators and call into
question regulators’ assumptions about market participants and practices. The rate of
adoption of Fintech and the potential for players to scale rapidly and the impact this has
on the financial system puts further pressure on the regulator to respond rapidly without
necessarily having the full picture. Other issues include the lack of reliable information
about the structure and operations of Fintech markets and the fragmentation of the insti-
tutional and supervisory setting.
The rapid pace of change necessitates regulators to be agile and adapt to the constantly
changing environment. To do so, policymakers need to understand how to balance sup-
port and encouragement of Fintech and disruptive technologies while also mitigating
CHALLENGES IN REGULATING FINTECH 3
� risks, including macro-fiscal risks of financial integrity and activities, and intermediaries (Element VI, of Bali Fintech
stability. While many Fintech risks might be addressed Agenda). It demands improvements and extensions of
by existing regulatory frameworks, new issues are arising monitoring frameworks to support public-policy goals and
from new firms, products, and activities that lie outside to avoid disruptions to the financial system. The regula-
the current regulatory perimeter requiring adaptation of tory approaches described in this paper have developed
the framework to facilitate the safe entry of new products, in response to these demands.
BOX 2
Overview of Select Risks Posed by Fintech Firms26
Alongside the many benefits of Fintech, Fintech can potentially have adverse systemic impacts on the finan-
cial system. Policymakers should be aware of major risks posed by Fintech prior to identifying an approach to
regulating it. The major risks posed by Fintech include (but are not limited to):
Legal / Regulatory Risks: To the extent that Fintech Oversight, Risk Management and Governance: The due
activities are novel and are not appropriately covered diligence on Fintech firms could be somewhat less rigor-
by existing legislation, requiring legal and regulatory ous than for regulated firms that sit clearly within the regu-
frameworks to adapt. This may be even more prevalent latory perimeter introducing a risk of potential regulatory
when considering cross-border activities. Moreover, due arbitrage. This could introduce contagion, dependency
to the novelty of the products, services and players, the or even concentration risk that might not be mitigated
correct legal / regulatory response is not always clear. in a timely manner. In addition, the rapid pace of change
As a result, jurisdictions may buck the trend and swing makes it more difficult for authorities to monitor and
towards particular approaches which may not always be respond to risks in the financial system (including general
the most appropriate option given the context of a par- business risk), especially given the limited availability of
ticular jurisdiction. relevant data and indicators.
Lack of coordination: Efforts toward adapting legal and Cyber risks. Cyber-attacks are becoming more prevalent,
regulatory frameworks to new innovations often span and the susceptibility of financial activities to cyber-attacks
across different ministries, departments and agencies, is higher as products and services continue to migrate to
who often have parallel and overlapping supervisory digital platforms, particularly as different entities become
and regulatory functions. Without proper coordination, more inter-connected and platforms are opened or
including clear lines of communication with other relevant shared. The greater use of technology and digital solu-
stakeholders and institutions involved (both domesti- tions expand the range and number of entry points for
cally and internationally), policy frameworks may become cyber-attacks. In this regard, Fintech activities could
fragmented, designed inappropriately, or result in policy increase the overall vulnerability of the consumer as well
gaps, all which can impede the development or diffusion as the financial system to cyber risk.
of innovations and limit efforts to promote stability and
Data: Transparency, privacy and ownership. With the rise
inclusion.
of open banking, BigTech and alternative sources of data,
Consumer Protection and Capabilities: Vulnerable popu- newer players have access to customer information given
lation groups do not always possess the required skills and the nature of interaction with the customer. Privacy is an
experience to appropriately use digital financial products important element of trust in a service, but transparency is
and services. As a result, new risks like fraud (i.e. digital also needed to reduce transaction costs. Getting the bal-
ponzi schemes) or theft (i.e. data breaches from a P2P plat- ance right and answering questions around the ownership,
form) are compounded for vulnerable consumers who are usage and jurisdiction of the underlying data and transac-
using digital channels to often enter the financial sector tions remain an important consideration for regulators.
for the first time. In addition, insufficient digital disclosure,
Competition. Ensuring a level playing field between reg-
redress and transparency by new providers put depositors
ulated financial institutions and Fintech players, and also
and investors at higher risks.
amongst them, remains a challenge.
4 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�BOX 2 continued
AML/CFT risks. Fintech can be used to conceal or dis- amplitude of swings in asset prices. Finally, Fintech credit
guise illicit origin or sanctioned destination of funds, facili- intermediaries might have limited incentives to accurately
tating money laundering or terrorist financing, and the assess credit quality or maintaining lending standards.
evasion of sanctions. In the case of crypto-currencies, for All of this could increase procyclicality in the provision of
instance, their traceability is limited due to user anonym- those financial services, and amplify shocks to the financial
ity and anonymizing service providers that obfuscate the system when they arise.
transaction chain. The decentralized nature of governance
Excess volatility: A number of Fintech activities are spe-
along with the anonymity offered by these platforms has
cifically designed to be fast. This might imply that they
created additional vulnerabilities that require regulatory
are more likely to create or exacerbate excess volatility
responses.
in the system. For example, algorithmic traders may be
Third-party reliance. Some Fintech activities can increase programmed to be more active during periods of low
third-party reliance within the financial system. Disruptions volatility and to rapidly withdraw during periods of market
to these third-party services may pose wider systemic risks stress, thus reducing market liquidity and increase asset
the more central these third parties are in interconnecting price volatility. More generally, in more competitive envi-
multiple systemically important institutions or markets. In ronments, an increase in the speed and ease of switch-
some cases, the third parties may not be financial institu- ing between service providers could potentially make the
tions (e.g., cloud services) and hence not subject to finan- financial system excessively sensitive and could cause
cial regulation and supervision. capital adequacy concerns.
Business Risk of Critical Financial Market Infrastruc- Disintermediation: Digital currencies and wallets could
tures: If innovative payment and settlement services grow themselves displace traditional bank-based payment sys-
into critical FMIs, they could introduce a stability risk—for tems, while aggregators could become the default means
example, general business losses can have the potential to of accessing banks and applying for new bank accounts
impair the provision of critical services and interfere with and loans. Oligopolies or monopolies may emerge, for
recovery or an orderly wind down. Some of these critical example, in the collection and use of customer informa-
services may be provided by a parent company with other tion, which is essential for providing financial services.
business lines, such as technology or data aggregation,
Maturity & Liquidity Mismatch: For instance, maturity
which may sometimes conflict with the offering of financial
mismatches could arise through securitization or if lend-
services.
ing platforms were to start using their own balance sheet
Contagion: For instance, large losses hitting a single to intermediate funds. In addition, Fintech enabled plat-
Fintech firm could be interpreted as indicating potential forms may not perform liquidity transformations leading
losses for the whole sector and lead to contagion effects. to liquidity mismatches.
Contagion risk may also be raised by increased access and
Increased Inequality: Although the benefits of Fintech
problems associated with weak ‘links’ between the mul-
are often touted to help to improve financial inclusion of
tiple entities involved within a particular financial activity.
underserved consumers, Fintech also poses risks in wid-
Procyclicality: Fintech activities could be prone to pro- ening the digital divide. Large, vulnerable populations
cyclical market dynamics, due to more pronounced herd still do not have access to sufficient mobile or internet
behavior. For instance, investors and borrowers on Fintech services, and therefore new innovations may only cap-
lending platforms may exhibit larger swings in behavior ture higher-income population groups. As a result, as the
than with traditional intermediation of funds when a sud- industry evolves, products and services may be inappro-
den unexpected rise in non-performing loans triggers a priately designed for vulnerable population groups and
drying up of new funds. This risk would be further exacer- can pose serious risks to ill-equipped consumers. This
bated if risk models were highly correlated due to reliance digital gap may contribute to increases in economic and
on similar algorithms—thereby potentially increasing the social inequalities.
CHALLENGES IN REGULATING FINTECH 5
�� THE DIFFERENT
III REGULATORY
APPROACHES
There does not exist a ‘blanket approach’ to applying regulatory approaches to Fintech,
and different regulators have employed different methods and tools when assessing
and responding to developments.
The most commonly observed policy responses fall into one of the following categories:27
Policy Responses
(i) Applying existing regulatory frameworks to new innovations and their business
models, often by focusing on the underlying economic function rather than the
entity. In this scenario, the existing regulatory framework does not change and
instead authorities clarify how existing requirements apply to Fintech;
(ii) Adjusting existing regulatory frameworks to accommodate new entrants and the
re-engineering of existing processes to allow adoption of new technologies. In this
scenario the current regulatory framework is amended to include Fintech activities;
and
(iii) Creating new regulatory frameworks or regulations to include (or prohibit) Fintech
activities. This includes instruments like laws or new regulations to extend regula-
tory perimeters, introduce specific requirements for new class of players in the eco-
system or to specifically prohibit certain Fintech activities.28
To support the development of an appropriate legal, regulatory and supervisory frame-
work around the aforementioned policy response areas, many countries have been
exploring new regulatory approaches aimed at promoting innovation and experimen-
tation, particularly in areas where the regulatory framework is either unclear or not pres-
ent. The approaches have been categorized into four broad categories as outlined
below.
It is important to note that, while each category is distinct, integration among the
approaches is common and they can be applied in tandem. In addition, it is possible
for elements within each category to overlap, be applied differently in different juris-
dictions, and share similar policy tools. Therefore, with these caveats in mind, the four
broad categorizations are:
THE DIFFERENT REGULATORY APPROACHES 7
� Regulatory Approaches
1. “Wait-and-See”: This approach is defined by regulators observing and monitoring
the trend(s) of innovation from afar before intervening where and when necessary.
Over time, however, as regulators gain capacity around innovation, and technology
becomes more commonly adopted by licensed entities, policymakers may incre-
mentally change regulations over time. A “wait-and-see” approach has commonly
emerged when there is regulatory ambiguity on whether an activity falls under the
remit of a particular institution. Alternatively, when there has been a need to further
build regulator capacity prior to issuing a response, a “wait-and-see” approach has
offered regulatory forbearance in order to allow innovations to develop unhindered.
In some instances, depending on its application, this approach also includes a “do
nothing” response.
2. “Test-and-Learn”: This involves the creation of a custom framework for each indi-
vidual business case, allowing it to function in a live environment (often with a “no-
objection” letter from the regulators). However, the extensiveness of supervision and
oversight, as well as the safeguard measures put in place, have varied across juris-
dictions. In some cases, policymakers have followed a “light-touch” without close
supervision, and in others, policymakers have followed more extensive frameworks
on a case-by-case basis that involved stringent supervisory attention and oversight;
3. Innovation Facilitators: A point of contact or a structured framework environment to
promote innovation and experimentation. This category includes Innovation Hubs/
Offices, Accelerators and Regulatory Sandboxes as different types of facilitators;
4. Regulatory Laws & Reforms: Refers to the introduction of new laws or licenses—
both overarching and product specific—in response to innovative firms or business
models. In some cases, countries have used the development of new laws to expand
their mandate, and to build capacity and accountability while supporting the devel-
opment of more discreet, secondary reforms and amendments to frameworks. Often
one or more of the aforementioned regulatory responses might eventually lead to
regulatory reform and hence this is also defined as one of the three policy responses.
Each approach has its own pros and cons, and many share similar risks. A combination
of the approaches can and has been used by different jurisdictions.
Below each approach is discussed in turn highlighting the pros, cons and challenges of
implementing them while providing country examples to illustrate their operation.
8 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�BOX 3
Guiding Considerations for Policymakers to Remain Agile and Mitigate Risks While Applying
Regulatory Approaches towards Fintech
The potential benefits of Fintech are fueling policymakers to establish new regulatory approaches and initia-
tives to enable innovation. Across the regulatory responses and approaches listed in this paper, policymakers
should also recognize the need to establish methods to mitigate risks of Fintech when employing new regu-
latory approaches to enable (or even prohibit) innovation. Below we summarize a select few considerations
(adapted from the FSB note29) for policymakers, which can guide policymakers when employing a new Fintech
regulatory approach:
• Assess the regulatory perimeter and update it on a timely basis. Regulators should be agile when there
is a need to respond to fast changes in the Fintech space, and to implement or contribute to a process to
review the regulatory perimeter regularly.
• Build staff capacity in new areas of required expertise. Supervisors and regulators should consider plac-
ing greater emphasis on ensuring they have the adequate resources and skill-sets to deal with Fintech.
• Mitigate cyber risks. Cooperation at the global level has the potential to minimize undesirable conse-
quences of fragmentation of the cyber-security efforts and raise awareness of cyber risks. Ex ante contin-
gency plans for cyber-attacks, information sharing, monitoring, a focus on incorporating cyber-security in
the early design of systems, and financial and technology literacy could help to lower the probability of
cyber events that have adverse effects on financial stability.
• Monitor macro-financial risks. While there are currently no compelling signs of these risks materializing,
experience shows that they can emerge quickly if left unchecked.
• Further develop open lines of communication across relevant authorities. Due to the potentially grow-
ing importance of Fintech activities and the interconnections across the financial system, authorities may
wish to develop further their lines of communication to ensure preparedness.
• Share learnings with a diverse set of private sector parties. In order to support the benefits of innovation
through shared learning and through greater access to information on developments, authorities should
continue to improve communication channels with the private sector and to share their experiences.
• Contribute to greater international cooperation. Increased cooperation will be particularly important to
mitigate the risk of fragmentation or divergence in regulatory frameworks, which could impede the devel-
opment and diffusion of beneficial innovations in financial services and limit the effectiveness of efforts to
promote financial stability.
CHAPTER TITLE 9
� Many jurisdictions have applied this approach when there
REGULATORY APPROACH 1: is a collective need to better understand a technology
“WAIT-AND-SEE” and its possible application(s) in the financial market. For
instance, The European Securities and Markets Exchange
The Wait-and-See approach, as the name indicates,
(ESMA),30 used this approach to monitor developments
involves the regulator in a primarily observer capacity. This
in Distributed Ledger Technology (DLT), and a number
approach consists of permitting new Fintech business
of jurisdictions have adopted this method to review their
models to function with the explicit intention to allow inno-
reactions to cloud computing before releasing guidelines.
vations to develop unhindered by what could be inter-
preted as disproportionate regulatory requirements; those, A country where this approach was used, albeit with
that might disincentivize competition or be potentially dis- mixed results, is China and its initial response to both
proportional to the risk posed or the economic usefulness Peer-2-Peer (P2P) lending and mobile payments. While
of the product offered. While, at the same time affording the story for P2P lending did not end very well (See Box
regulators the ability to informally monitor trends deter- 4), this approach served the widespread mobile pay-
mining when and where formal intervention is performed. ments market—dominated by Alipay and WeChat- well.
As regulators gain capacity around innovation, and tech- Since its inception in 2013, the mobile payments land-
nology becomes more commonly adopted by licensed scape in China was unregulated given its relative small
entities, policymakers may incrementally change regula- scale at the time of inception. As such, the PBOC did
tions over time. A “wait-and-see” approach has often not include restrictions such as transaction caps and
emerged when there is regulatory ambiguity on whose the need to report transaction details to the bank hold-
remit a particular activity falls, or a when there is a need to ing the trust account.33 Although small step changes in
monitor the market and build regulator capacity prior to regulatory policies were introduced frequently such as
issuing a response. This should not be misinterpreted as a tightening access to payment licenses and requirements
passive approach, but rather one where active learning is on renewals, this was not limited to mobile payment
taking place usually during the time when the technology operators. Recognizing the need for a more fundamental
is still nascent and not expected to adversely impact the change in regulation, the People’s Bank of China (PBOC)
statutory objectives—stability, protection, integrity and/or began regulating mobile payments on June 30th, 2018,34
inclusion—of the policymaker. implementing a new mobile payment regulation requir-
BOX 4
“Wait-and-See” Approach by the Central Bank of Ireland around Crypto-assets31
The Central Bank of Ireland does not have specific cryptocurrency regulation, and there is no prohibition of
cryptocurrency activities within Ireland. Instead, the Central Bank of Ireland has taken a “wait-and-see” approach
to the regulation of cryptocurrencies. In March 2018, a speech made by the Director of Policy and Risk at the
Central Bank of Ireland shed light on their approach:
“To the extent that virtual currencies, ICOs, or those involved in their issuance or trading, are not subject to exist-
ing regulation, then the question arises: has the regulation fallen behind developments and needs updating. Or
is it the case that these activities are just new examples of old types of activity and there is no need for further
regulatory intervention, beyond making consumers properly aware of the significant risks through consumer
warnings? Or might it simply be too early to say? . . . At the Central Bank, we are actively engaged with other
European and international policymakers as we all try to figure out a way forward, including for example, work at
the ESAs [European Supervisory Authorities]. Given the cross-jurisdictional nature of virtual currencies and ICOs,
we at the Central Bank welcome these efforts by the ESAs.32”
In parallel to its approach, the Central Bank of Ireland has also endorsed a statement by the European Banking
Authority, warning consumers of risks when undertaking transactions with virtual currencies (government-issued
notices have been a common action across all jurisdictions and regulatory approaches).
10 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�ing all mobile payments to go through the central bank’s This approach has the potential to provide regulators
clearing system. In essence, the authorities monitored with the opportunity to observe and understand the risks
the market, reacted to trends and introduced a signifi- and how the market is developing so that when a reg-
cant change in regulation that was in part introduced to ulatory strategy is developed it is appropriately suited
prevent instances of money laundering or fraud, as well to the risks the innovation product, process or applica-
as issues that were rampant in the P2P market. tion poses. Similar to the Wait-and-See approach, this
too is not intended to be used indefinitely, but rather
Wait-and-See approaches, while useful, have shown to
to provide regulators with sufficient data and experience
have a shelf-life and need to be carefully used. While
needed to adjust regulation or apply it accordingly. Early
some jurisdictions have employed a passive approach,
adopters of this approach include Tanzania,41 Philippines
it is important to note that an active approach is often
and Kenya. (See Box 6).
required to better mitigate risks to the financial sector
through active learning. With a Wait-and-See approach, In the early 2000s the Philippines, regulators stated
active learning should take place usually during the time expressly that their approach is to “follow the market”,
when the technology is still nascent and not expected to while allowing non-banks to offer financial services and
adversely impact the statutory objectives—stability, pro- scale through licensed remittance agents and offering
tection, integrity and/or inclusion—of the policymaker. operators a “letter of no objection”. After observing the
When the regulator actively monitors the market, regula- market’s development for a few years incorporating the
tors can begin to recognize when more direct action is learnings from the test period, Bangko Sentral ng Pilipi-
needed especially as conduct and prudential objectives nas issued e-money regulations in 2009 carefully tailored
are impacted. to the Filipino market.42
Wait-and-See approaches worked well for areas such as This approach differs from the more structured approach
mobile payments in China, but did not achieve the same such as a Regulatory Sandbox (described in detail below)
degree of success with P2P models. In the case of P2P, in that the oversight undertaken by regulators is at an
regulators globally have grown more familiar with P2P arm’s length and requires oversight to be conducted on
lenders entering the financial space and now have accu- the open market without a ring-fenced or controlled envi-
mulated experience in dealing with the risks associated ronment. Each application is decided on a case-by-case
with their activities allowing them to respond in a timely bases and the extent to which regulators can make use of
manner. However, there will always be instances when dispensation(s) depends on their specific legislative con-
non-traditional entities unfamiliar to regulators might text. The national legal mandate of a country determines
seek to enter the market and a wait-and-see approach the powers available to the regulator and the ability to
will continue to remain relevant. extend dispensations with or without associated legisla-
tive action such as amendment of laws. For instance, only
some legislations allow for “no objection” letters as in the
REGULATORY APPROACH 2: case of Kenya, or restricted licensing.
“TEST-AND-LEARN”
The Test-and-Learn approach however, has some draw-
The Test-and-Learn approach can be defined as cautiously backs when it comes to scalability. While small or highly
permissive and involves some flexibility that is provided specialized Fintech ecosystems are well suited for such
on a case-by-case basis. Flexibility is granted by way of a model, jurisdictions with large and diverse Fintech
dispensations from particular rules for new firms or new markets could cause a strain on regulatory capacity and
activity(s). The extent to which that regulators can make make it difficult to handle a growing number and variety
use of the tools and associated dispensations, depends in of actors requesting exemptions.
part on the specific legislative context. It is intended to be
an agile approach, where regulators faced with innovative In addition, ensuring equal treatment of participants and
products can grant restricted licenses or partial exemp- a level playing field could become more difficult. This is
tions for new-entrants or established intermediaries test- illustrated again with the case of M-Pesa in Kenya that
ing new technologies. This flexible and proportionate achieved an initial exponential rise driven by demand
approach should ensure however, that the principles of from a growing customer-base which required the number
the existing regulation continue to be upheld. of agents servicing these customers to also increase multi-
fold. As a bank product reliant on a telco-provided trans-
THE DIFFERENT REGULATORY APPROACHES 11
� BOX 5
Wait & See Approach: The China Story
Peer-to Peer (P2P) lending platforms are a method values, which further prompted defaults preventing
of debt financing that directly connects individuals or legitimate platforms from functioning. In a little over
companies with lenders. They were seen as an inno- two years, the industry had gone from zero to about
vative model that could cater to those borrowers who $218 billion in outstanding loans.
might have been overlooked by traditional financial
The initial hands-off approach began to taper off
institutions. The first online lending platform, Zopa,
by mid-2015 when the PBOC provided a series of
was founded in the UK in 2005 and Chinese companies
announcements leading up to China’s first regula-
followed suit in 2007, starting with PPDAI Group, with
tory instrument for online lending, the ‘Interim Mea-
rapid growth since then.
sures on Administration of Business Activities of
In China, P2P was touted as a pioneering model to Online Lending Information Intermediaries’, issued
help reform the mainland’s finance sector attracting in August, 2016. In addition, Chinese regulators pre-
money from investors by offering them high yields pared a set of P2P market interim measures (consti-
(8–12% compared to the much lower base interest rate tuted as the “1+3” system) in line with the overall
offered by the government).35 The Chinese authorities internet finance development guidance.39 Since then,
decided to adopt a Wait-and-See approach as these Chinese authorities have ramped up regulations and
platforms served the useful purpose of providing many have shut down many small and medium-sized P2P
small-scale businesses, micro-entrepreneurs and at-risk lending platforms across the country. They are also
individuals with credit they could not previously access. looking to incorporate a model of P2P marketplace
While this was potentially an accurate approach to use, lenders working alongside banks with the latter func-
allowing the market to grow faster and reach scale tioning as custodian partners.
more so than any other jurisdiction,—according to Peo-
Since 2016, China continued to take a more cautious
ple’s Bank of China (PBOC), there were over 8000 P2P
regulatory approach. In less than two years, regula-
platforms and over 50 million registered users at the
tions triggered the shutdown of the majority of P2P
beginning of 2018 that together conducted 17.8 billion
lending platforms from 2016 to 2018. By 2018, only
RMB worth of transactions making it larger than the rest
1,021 providers remained in place, and the Chinese
of the world combined.36 The fact that the regulation
government expects that number to further shrink to
did not kick in at the right time caused some issues.
around 50–200 providers over time.40
By the end of 2015, prior to the issuance of any
regulations or an established regulatory frame- Failed peer-to-peer lending platforms in China (cumulative)
work, there were roughly 3,448 P2P platforms
in operation, 1,031 (roughly 1 out of 4) of which 5,000
4,334
were categorized as either having difficulty 4,039
paying off investors, being investigated by the 4,000
3,429
national economic crime investigation depart-
ment, or whose owners have disappeared with 3,000
investor funds.37 The regulators’ slow response
to the aggressive growth led to multiple scams 2,000 1,688
and controversies giving rise to the country’s
largest Ponzi scheme. By 2016, the Chinese 1,000
Banking Regulatory Commission reported that 394
93
roughly 40 percent of P2P lending platforms 0
were in fact Ponzi schemes.38 This set-in motion 2013 2014 2015 2016 2017 2018
a domino effect with wide-spread panic among
the lenders leading to shrinking of transaction Source: Bloomberg news
12 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�BOX 6
Common Dispensations provided
• Letter of no objection: A letter that allows a firm to operate in the open market without a specific license with
an implicit sanction from the regulators. No objection letters can include restrictions and reporting require-
ments as deemed necessary by the regulator.
• Letter of no enforcement/action: A letter essentially stating that no enforcement proceedings will be taken
against the firm to whom the letter has been issued as long as it works within the boundaries delineated in
the letter.
• Restricted authorization: A tailored authorization process that essentially restricts firms to only offer those
products or services as agreed with the regulator. Some restricted authorizations are associated with an
authorization fee.
The extent to which regulators can make use of dispensation(s) depends on their specific legislative context. The
national legal mandate of a country determines the powers available to the regulator and the ability to extend
dispensations with or without associated legislative action such as amendment of laws.
BOX 7
Test-and-Learn Approach: Kenya
In 2007, when Safaricom approached the Central Bank of Kenya (CBK) with their proposal to set up a mobile
phone-based money transfer service, it raised a dilemma for the regulator. CBK was unsure how a financial ser-
vice offered by a telecommunication operator could fit within the existing banking regulation. Although the pri-
mary instinct of a risk-averse regulator would have been to deny permission to a largely unknown, new financial
service, the CBK took into consideration the wide reach and potential this new service might have.
At this time the Banking Act did not provide basis to regulate payment products offered by non-banks, and CBK
concluded that it had no clear authority over non-bank funds transfer, and hence would not interfere in allowing
the telecommunications operator to launch the M-Pesa. In order to allow a telecommunications operator to pro-
vide a transactional account, the CBK initiated some actions. First, a team of CBK legal experts developed Trust
Account requirements invoking the Trust Law. The Central Bank also issued a letter of no objection, indicating
that CBK would allow the service to launch, provided certain basic conditions were met including:43
A. Appropriate measures are put in place to safeguard the integrity of the system in order to protect customers
against fraud, loss of money and loss of privacy and quality of service.
B. The system will provide adequate measures to guard against money laundering.
C. Proper records are kept and availed to regulatory authorities in formats as may be required from time to time.
D. M-Pesa will observe all existing laws governing its relationship with its agents and customers.
This letter empowered Safaricom to launch M-Pesa which attracted one million users in the first nine months
and rose to four million in 18 months. The resounding success propelled Kenya into the poster child for creating
enabling regulatory environments particularly those contributing to financial inclusion and economic growth.
Today, over 93% of the population have access to mobile payments44 and circa 50% of Kenya’s GDP is processed
over M-Pesa.
THE DIFFERENT REGULATORY APPROACHES 13
� mission system, M-Pesa defied the distinction between the market steers the endogenous demand for further
bank-led and telco-led financial innovation.45 A lack of improvement and adaptation of the legal and regulatory
threshold rules and regulations for agents caused some framework; while Innovation Facilitators are top-down,
cases of lack of product transparency and information at regulator driven initiatives.
the point of transaction.
Typically, Innovation Facilitators are one of three types:
The extensiveness of supervision and oversight, as well Innovation Hub (also referred to as Innovation Offices),
as the safeguard measures put in place, have varied Regulatory Sandboxes and Regulatory Accelerators (also
across jurisdictions. In some cases, policymakers have referred to as Regtech labs):
issued light frameworks without close supervision, and in
• Innovation Hub: An Innovation Hub can take various
others, policymakers have issued extensive frameworks
avatars depending on the appetite and mandate of
on a case-by-case basis that involved stringent supervi-
the authority. It is most often a central contact point
sory attention and oversight. The roles and responsibili-
to streamline queries and provide support, advice,
ties of the regulator when employing a ‘Test-and-Learn’
guidance to either regulated or unregulated firms to
approach cannot be overstated, and the capacity of a
help them navigate the regulatory, supervisory, policy
regulator to provide adequate oversight and assess-
or legal environment. Support can be direct or indi-
ment of the market is critical to mitigate risks. While the
rect via guidance to the market and does not gener-
approach may be beneficial to regulators with signifi-
ally include testing of products or services.
cant market experience, who are well equipped to make
outcomes-based decisions that can have longer term • Regulatory Sandboxes: A Regulatory Sandbox, which
benefits, regulators with less experience might find it over 60 policymakers (November 2019) either have in
hard to calibrate dispensations optimally. Weak oversight place or are planning to deploy, is a virtual environ-
may cause error or difficulty in generalizing results to ment that enables the live testing of new products
the broader environment, and could be inefficient when or services in controlled and time-bound manner.
developing more standardized regulatory solutions. In This involves a more structured approach which often
addition, suboptimal or excessive dispensation can lead includes controlled experimentation in a live environ-
to innovations developing inadequately in the market or ment to promote innovation and guide interactions
may cause unacceptable risks and losses to consumers. with firms while allowing regulators good oversight
This also raises questions around the accountability and of emerging financial products. It is open to innova-
responsibilities of regulators, particularly in the event of tive business models, products and processes both
legal risks or negligence, calling into question the role of regulated and not, or which might be regulated in the
regulators as enablers. future. Typically, firms that apply to enter a Regulatory
Although the framework may continue to remain via- Sandbox already have a developed offering and are
ble, each Test-and-Learn approach has a maturity—as testing the viability of that offering in the market.
the market develops, a continuation of this approach • Regulatory Accelerators: Accelerators are more in-
may begin to have adverse consequences for competi- ward focused and enable partnership arrangements
tion and consumer protection. Without a sufficient shift between innovators or Fintech firms and govern-
towards more active market supervision instances of ment authorities to innovate on shared technologies
anti-competitive practices could46 arise that need trans- to most commonly solve pre-defined use cases. It
formative regulatory change to combat them. should be noted that firms that partner with an institu-
tion as part of an Accelerator process, most likely do
not fall within the regulatory perimeter due to issues
REGULATORY APPROACH 3: of conflict of interest.
INNOVATION FACILITATORS
Innovation Facilitators tend to be more resource intensive
A number of policymakers globally have begun to adopt than the previously described approaches with a num-
an Innovation Facilitator approach in response to Fintech ber of regulators setting up wholly new units requiring
developments. While similar in some respects to the staff with specialized skill sets. The units have a specific
Test-and-Learn approach, the primary difference is that a focus to promote greater engagement and knowledge
Test-and-Learn approach is bottom-up approach where exchange with new-entrants as well as incumbents trial-
14 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�ing new products and technologies. Annex 2 contains a in some cases, physical office space, to either regulated or
non-exhaustive list of operational and proposed Innova- unregulated firms to help them identify opportunities for
tion Facilitators globally. growth, and navigate the regulatory, supervisory, policy or
legal environment. However, the results are still develop-
While it was found that while Regulatory Sandboxes47
ing, and it is too early to draw a definitive conclusion on
were a common response adopted by policymakers,
the outcomes.
there is insufficient evidence to claim that it was the most
effective. In fact, the Global Fintech Survey (GFS)48,49 of
country Fintech experiences conducted in 2019 as part Innovation hubs
of the WBG-IMF Bali Fintech Agenda gathered responses
An Innovation Hub, or Innovation Office as they are some-
from nearly a hundred countries. Of those surveyed, it was
times referred to, often provides a dedicated point of con-
identified that nearly thirty-three Sandboxes have been
tact for firms to raise enquiries with competent authorities
initiated since 2016, bringing the total number of Sand-
on Fintech-related issues and to seek non-binding guid-
boxes globally to over 6050 at last count.
ance on regulatory and supervisory expectations, includ-
Other Innovation Facilitators, however, specifically Innova- ing licensing requirements.51 Most commonly, they provide
tion Hubs which have been used instead of, or as a com- support, advice, guidance and even, in some cases, physi-
plement to, a Regulatory Sandbox have shown promise cal office space, to regulated and unregulated firms. Single
of being more effective and suitable to business needs. points of contact, dedicated newly created units, identified
They are often seen as the first step along a regulatory networks of experts or similar organizational arrangements
journey—providing support, advice, guidance and even, can be considered as Innovation Hubs.
FIGURE 3: Benefits of an Innovation Facilitator for Regulators, Firms and Individuals
Signaling from the regulator that they are open to engaging with the market
More direct control over risks including consumer protection and reviewing
mitigating measures
REGULATORS Ability to review existing regulations and evaluate if they are fit for purpose or
might be hindering innovation
Intelligence on developments, trends and emerging risks
Regulator can ‘get their hands dirty’ with new technologies
Support players who don’t fully understand, or are uncertain, or are unable
to meet regulatory requirements from the onset
Potential testing of the technology in a stable but live environment for subsequent
FIRMS full-scale implementation
Opportunity to get advice from the regulator
Could lead to reduced time and cost to market
Potential to facilitiate partnerships
Appropriate consumer protection safeguards and mitigation of risks to the
consumers, due to close monitoring and graduated roll-out.
CUSTOMERS
Can support greater competition and inclusion due to better targetted
and designed products.
THE DIFFERENT REGULATORY APPROACHES 15
� Sandboxes, Innovations Hubs and RegTechs around the World
(Includes both Established and Proposed)
FIGURE 4: Sandboxes, Innovations Hubs and Regtech Labs around the World
Cyprus
Bermuda, U.K. Malta Israel
Bahrain
Hong Kong, SAR, China
Jamaica
Barbados
Brunei
Darussalam
Singapore
Rwanda
Fiji
Mauritius
Eswatini
Sandboxes, Innovation Sandboxes, Innovation Hubs Sandboxes
Hubs, RegTechs
Sandboxes, RegTechs Innovation Hubs
IBRD 44901 | FEBRUARY 2020
Innovation Hubs, RegTechs RegTechs
Source: WBG Research
FIGURE 5: Prevalence of Regulatory Innovation Initiatives Globally
14
12
12
10
10
8
8
7
6 6
6
5 5
4
4
3 3
2 2 2 2
2
1 1 1
0 0
0
Regulatory sandbox Innovation hub Accelerator Internal innovation Other facilitator
facilitator
Active (operational with use cases) Launched Under development Not being considered
Source: World Bank and CGAP. “Innovation Facilitator Survey”. 2019
16 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�Essentially, an Innovation Hub can take any form that is innovation hubs with other players that go beyond the
seen most beneficial and suitable to the regulator while financial sector and not only provide a regulatory clar-
signaling to the market that the regulator is keen to ity but also enable service providers, including financial
interact with and enable the emerging field of Fintech. institutions, Fintech start-ups and academics to collabo-
Although providing guidance tends to be their most rate. This depicts the range of possible functions that an
common function, their function can for instance, range Innovation Hub (or office) can have.
from hosting and attending industry events to provid-
An Innovation Hub can be particularly useful for those
ing assistance in making an application for authoriza-
jurisdictions who are considering their approach to Fin-
tion or new products. They facilitate regulator–innovator
tech and can be less resource intensive to establish.
engagement and act as a point-of-contact for the indus-
They can be implemented in complement with other
try both for mutual learning as well as for policy and reg-
approaches and are a good primary step for regula-
ulatory guidance. Supervisors may use Innovation Hubs
tors to gauge the interest and maturity of the market.
to understand and monitor the new business models and
In addition to being less resource intensive, according
technologies as well as to identify regulatory and super-
to the ‘Regulating Alternative Finance’ WBG–CCAF sur-
visory challenges associated with Fintech.
vey,53 respondents reported that Innovation Offices sup-
An example is the Australian Securities and Investments ported a much higher number of firms than Regulatory
Commission (ASIC) who in 2015, set up an Innovation Sandboxes.
Hub to assist Fintech start-ups navigate the regula-
Respondents of the survey had collectively supported
tory system and its laws, including by providing infor-
over 2,000 firms through Innovation Offices but less than
mal guidance from senior regulatory advisers about the
a tenth of that (180) total through Sandboxes (see Figure
overarching regulatory framework and questions relating
7). This ratio holds even for those jurisdictions that have
to ASIC’s relief powers. For the regulator, this interac-
both types of initiatives in place—the median regulator
tion helps to inform them about emerging issues around
reported ten times as many Innovation Office alumni as
Fintech that could be relevant for policy development.
Sandbox tests. This can be attributed to the fact that
Some regulators such as Malaysia (Digital Finance Inno-
the most important service offered to firms from most
vation Hub) and Thailand (OJK Infinity52) have set up
FIGURE 6: Propensity of Regulatory and Supervisory Innovation Facilitators towards Fintech
25
20
15
10
5
0
East Asia and Europe and Latin America and Middle East and North America South Asia Sub-Saharan Africa
Pacific Central Asia Carribbean North Africa
Single contact point Allowed sandboxes. Established innovation None.
for fintech questions. hubs.
Source: WBG-IMF Global Fintech Survey 2019
(Note: Single contact point here refers to a single person or dedicated email address where queries can be sent and is not the same as an Innovation Hub)
THE DIFFERENT REGULATORY APPROACHES 17
� Innovation Facilitators, is by a large margin, guidance- FIGURE 7: Number of Firms Supported by Innovation
as was highlighted in the latest WBG-CGAP Innovation Offices and Regulatory Sandboxes
Facilitator survey 2019.54 The other services compared 2,500
being funds, infrastructure and waivers. While differ- 2,163
ent initiatives provide different functions and benefits, 2,000
the successes of Innovation Offices can be instructive
1,500
for regulators considering how best to use their limited
resources to most efficiently achieve impact. 1,000
Recognizing the common challenges and the cross-bor-
500
der nature of Fintech, Hubs have also been set up on 180
a global level to support and encourage coordination 0
among international regulators and to pool resources. An Total number of firms assisted by Innovation Office
example of this is the Bank of International Settlements Total number of firms assisted by Regulatory Sandbox
(BIS) Innovation Hub(s). The BIS established innovation
Source: World Bank and Cambridge Center for Alternative Finance.
Hubs with the explicit intention to support central bank “Regulating Alternative Finance: Results from a Global Regulator
collaboration on research and innovation in financial tech- Survey”. 2019
BOX 8
Example of Innovation Hub Approach—Bank of France-ACPR Fintech Innovation Unit
In France, there are three main authorities in the financial sector. Banque de France (the French Central Bank);
Autorité de Contrôle Prudentiel et de Résolution–ACPR (the French Prudential Supervision and Resolution
Authority)- an independent supervisory authority that operates under the auspices of the Banque de France; and
Autorité des marchés financiers (AMF) the securities regulator in France.
In June 2016, the ACPR Fintech-Innovation unit was set up to act as the single point of contact for innovative
financial sector projects in both the banking and insurance sectors. The unit provides an interface, between proj-
ect initiators and regulators while coordinating between the various ACPR departments within Banque de France
on projects regarding payment services, as well as with AMF (through its Innovation and Competitiveness Unit)
for projects regarding investment services.
The primary objectives of the ACPR Fintech-Innovation unit are to support Fintech players to better understand
the nuances of the regulatory environment, and to facilitate the approval or authorization processes should the
firm require a regulated status.
However, it also has a secondary objective to assess the challenges, risks and opportunities related to techno-
logical innovation in the financial sector and the impact of this on financial stability. Learnings from which are
then used to inform and contribute to global dialogue and research on the subject.
Demonstrating how an Innovation Hub can be a complementary to other approaches, and support coordination
between different regulatory bodies, the ACPR Fintech-Innovation unit exists in parallel with the Fintech Innova-
tion and Competitiveness Unit of the AMF; with whom they conduct consultations with the private sector in both
formal and informal settings to discuss regulatory and supervisory subjects related to Fintech and innovation.
Another government initiative is the Banque de France’s Lab, created under the responsibility of the Chief
Digital Officer, specifically to bring the central bank’s business lines closer to new practices and technologies.
While more akin to an Accelerator or Regtech lab (see section below) the lab creates a space for collaboration
and connects the Banque de France with innovative Fintech start-ups, to experiment with new concepts and
technologies in connection with the activities of the central bank.
18 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�nology and accelerate their digital efforts while keeping in world, Sandboxes tend to work in a live, but restricted
mind their statutory objectives. The first Hubs have been environment and can be open to authorized and unau-
launched in Singapore, Hong Kong and Switzerland (see thorized businesses and technology firms providing ser-
Box below). vices to entities based on tailored eligibility criteria.
At their core, Sandboxes are, formal regulatory programs
Regulatory Sandboxes that are a reaction to the rapidly changing backdrop of
A Regulatory Sandbox59 is a controlled, time-bound live digital financial services. They provide a dynamic, evi-
testing environment, defined by regulators which may dence-based regulatory environment which learn from,
feature regulatory forbearance and alleviation through and evolve with, emerging technologies. It should be high-
discretions. It allows innovators to test, on a small scale, lighted however, that while Sandboxes bring the potential
innovative products, services, business models and deliv- to change the nature of the relationship between regula-
ery mechanisms subject to regulatory discretion and pro- tors and financial services providers toward a more open
portionality. The testing environment may involve limits or and active dialogue and brings agility to the regulatory
parameters within which the testing firms must operate. and supervisory framework, the evidence on Sandboxes
from available data is yet inconclusive.
Sandboxes have generally been intended to facilitate
those innovations that do not fit neatly into the current It is vital that regulators first consider the objective and
regulatory framework, but, as we see below the objec- the problem they are trying to solve before setting up
tives for setting up a Sandbox have been varied. The idea a Sandbox as it will define both the design as well as
stemmed from the use of Sandboxes in the tech industry the measurement of outcomes. Once defined, the regu-
where developers test software in a segregated environ- lator will need to identify if they have the appropriate
ment to avoid risks to the wider system while allowing statutory mandate to pursue the stated objective. The
products to be safely brought to market. In the financial objectives for Sandboxes studied have varied, they can
BOX 9
The Bank of International Settlements (BIS) Innovation Hub
The Bank of International Settlements (BIS) has established innovation hubs to support central bank collabo-
ration on research and innovation in financial technology. BIS launched hubs in Singapore, Hong Kong and
Switzerland in 2019 to identify and develop insights into critical trends in technology affecting central banking;
develop public goods in the technology space geared towards improving the functioning of the global financial
system; and serve as a focal point for a network of central bank experts on innovation.55
Each hub has been set up with a different area of focus in mind.
Hong Kong: It is expected that the Hong Kong center will look into the role of DLT and BigTech. The first
projects by BIS and the Hong Kong Monetary Authority (HKMA) innovation hub explore the use of Distributed
Ledger Technology (DLT) to digitalize trade finance processes, study the impact of BigTech on financial markets,
and conduct a study on the application of Artificial Intelligence (AI) technology in the banking industry.56
Singapore: In Singapore the focus is more on Suptech applications. The BIS and Monetary Authority of Singa-
pore (MAS) hub are establishing a framework for public digital infrastructures on identity, consent and data shar-
ing and creating a digital platform that connects regulators and supervisors with digital and technology solution
providers.57
Switzerland: The innovation hub by BIS and Swiss National Bank (SNB) focuses on examining the integration of
the digital central bank money into the Distributed Ledger Technology infrastructure and addresses the rise in
requirements placed on central banks to be able to effectively track and monitor fast paced electronic markets.58
THE DIFFERENT REGULATORY APPROACHES 19
� BOX 10
Assessing the Appropriateness of the Sandbox Option
Of the approaches described in this paper, the Regulatory Sandbox has been gaining substantial traction with
regulators globally and over 60 have burgeoned in different parts of the globe over the last 3 years. But when
should a regulator set up a Sandbox and what are the critical success factors for a Sandbox?
It is vital to understand the objective of setting up the Sandbox as well as the maturity of the Fintech segment
and capacity and mandate of the regulator prior to implementing a Sandbox approach. Many jurisdictions that
have already set up Sandboxes have failed to have many, or any, applicants (see box 11). This might belie the
need for a resource-intensive Sandbox and an alternative approach might have served the regulator better.
Most Sandboxes will only admit those firms that have a viable product, enabling them to test the appropriate-
ness of their business model for the market in which they want to operate. For those markets where the Fintech
ecosystem is still nascent, other Fintech tools might be a better fit. In addition, Sandboxes are significantly
resource heavy due to temporary framework that needs to be established, the detailed hands-on supervision
and bespoke guidance that needs to be given to each individual firm in the process and the not insignificant
consumer protection implications. A Sandbox approach may not always be the most appropriate approach for
regulators struggling with capacity and resource constraints. (These considerations are further expanded in Sec-
tion IV: Evaluating the Right Regulatory Option.)
include one or a combination of objectives:60 including, a specific test result, rather than the commercial viabil-
to stimulate competition and innovation in the market- ity of the underlying technology61). An example of this
place (e.g.: UK FCA), to ensure the regulatory framework type of Sandbox is the one established by the Mon-
is fit-for-purpose (e.g.: Singapore MAS), to recognize etary Authority of Singapore (MAS) which assumes
gaps in the availability of necessary market products that the Regulatory Sandbox is a tool of last choice.
(e.g.: Malaysia), or to explore a particular theme such Where there are no clear applicable regulation or the
as products pertaining to financial inclusion only (e.g. firm is unable to meet regulatory requirements from
Sierra Leone). Moreover, a number of Sandboxes have the onset, the Regulatory Sandbox will then support
the more general objective of “supporting innovation in firms negotiate the regulatory requirements of specific
financial technologies” making the measurement of out- activities.
comes somewhat intangible.
2. �Innovation Focused: These Sandboxes are more
aligned with increasing competition in the market-
Sandboxes can be broadly broken into four- types (that
place through encouraging innovation and lowering
are not mutually exclusive) as dependent on their primary
the cost of entering the regulated marketplace. They
objective:
test use-cases and the viability of new technologies
1. �Policy focused: These Sandboxes seek to specifically and business models and hasten the route to market
remove regulatory barriers to innovation and usually while building capacity around services or business
have the added objective of identifying if the regula- models.
tory framework is fit for purpose under the current mar-
The most well known example of this Sandbox is the
ket conditions.
UK FCA (Financial Conduct Authority). Set-up in late
A policy focused Sandbox can use the Sandbox pro- 2015 and the initial proponent of the term ‘Sandbox’,
cess to evaluate particular regulations or policies. This the FCA is the most active in terms of the number of
could make the eligibility criteria for the Sandbox more firms they have accepted into the process. The frame-
focused in that it only accepts applicants that can help work was set up under FCA’s objective of promoting
evaluate a specific regulatory hypothesis (i.e. whether effective competition and most firms graduate from
a specific rule or regulation should change in light of the Sandbox to existing licensing regimes. No new
20 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
� BOX 11
Australia’s Sandbox: A Process of Iteration
In Australia, the first iteration of the Sandbox was revealed by the Australian Securities and Investments Com-
mission (ASIC) in December 2016. Any eligible Fintech company needed only to notify ASIC of its intention to
offer products and services within the Sandbox rules. No further approvals from ASIC or other regulators were
required.
The relatively restrictive parameters (see below) of the Sandbox, however, resulted in limited participation with
only one start-up utilizing the Sandbox in 7 months. ASIC therefore took further measures to improve the Sand-
box, and the Government thereafter issued new draft legislation and regulations to create an enhanced Regula-
tory Sandbox.
The new Sandbox provides a “lighter touch” regulatory environment to allow additional flexibility to Fintechs
that are still at the stage of testing their ideas. While safeguards remain the same in the new legislation, the key
proposed changes include:
• Extending the exemption period from 12 months to 24 months
• Enabling ASIC to grant conditional exemptions to financial regulations for the purpose of testing financial and
credit services and products
• Empowering ASIC to make decisions regarding how the exemption starts and ceases to apply
• Broadening the categories of products and services that may be tested in the Sandbox, to include life insur-
ance products, superannuation products, listed international securities, and crowd-sourced funding activities.
• Imposing additional safeguards such as disclosures, information about a provider’s remuneration, associa-
tions and relationships with issuers of products and the dispute resolution mechanisms available.
The reform importantly allowed ASIC to control how exemptions are granted and withdrawn and requires Fintech
firms to notify clients that they are using the exemption. Certain baseline obligations continue to apply during
the course of the process i.e. the obligation to act in a client’s best interests, and obligations on handling client
money and on preparing statements of advice where personal advice is provided. For credit contracts these
include responsible lending obligations, special rules for short-term contracts, limitations on fees and charges,
and unfair contract term rules. Breaching these obligations may result in the ASIC cancelling a firm’s exemption.
Source: ASIC website
regulation has been created as a result of the FCA period in 2017, the central bank worked with eight
Sandbox. financial institutions to test the product. The Thai QR
code standard which complies with international stan-
3. �Thematic: The third type of Sandbox is a thematic
dards was developed jointly with the central bank,
Sandbox. As the name suggests, this focuses on a pre-
financial institutions, non-bank payment service pro-
cise theme with the objective of accelerating adoption
viders, and international card schemes. Five firms suc-
of specific policy, innovation or supporting the devel-
cessfully exited from the Sandbox with the approval
opment of a particular sub-sector or even the devel-
to provide QR code payment services to the general
opment of products for a particular segment of the
public. Other themes include financial inclusion Sand-
population.
boxes, such as those developed by Bank of Sierra
This is illustrated by the Bank of Thailand (BOT) who Leone (Box 9) and Bank Negara Malaysia62 for prod-
initiated a Sandbox for the development of Thai Stan- ucts, services and business models that are designed
dardized QR Codes for Payments. Over a five-month to advance financial inclusion. While Japan’s Financial
THE DIFFERENT REGULATORY APPROACHES 21
� Services Commission’s Fintech Proof of Concept (POC) A typical Sandbox lifecycle can last anywhere between
Hub focuses on customer identity verification and 6–24 months (For example. periods range from six
automating customer suitability determinations.63 months in Brunei and the United Kingdom; to twelve
months in Australia, Malaysia, Thailand; or twenty-four
4. �Cross-Border: The fourth and final type of Sandbox is
months in Abu Dhabi and Ontario) from application
the cross-border or multi-jurisdictional Sandbox. This
through to exit. They can be cohort-based as illustrated
encourages and supports cross-border movement and
below or accept applications on an ad-hoc basis which
operation of firms while encouraging regulator coop-
then follow a similar cycle to the cohort method once
eration. It is a way of promoting cross-border regula-
applications are accepted. Before applications can be
tory harmonization and enabling Fintechs to scale
accepted, the objectives, Sandbox framework, including
more rapidly on a regional or global basis.66
core definitions, governance, eligibility criteria, evaluation
Regional Sandboxes may be attractive for consumers processes, timing for each window, external communica-
and regulators alike. According to a recent IDB study, tion procedures and vitally the exit procedures should be
close to 20% of all Fintech in the Latin America-Carib- considered and agreed. Some jurisdictions have made
bean region operate in more than one jurisdiction— these frameworks open for public consultation promoting
most likely because individual markets in the region transparency and encouraging an open and honest dia-
may be too small for the business model to achieve logue between entrepreneurs and regulators.
scale.67 For many Fintechs, the ability to deliver a
While in the Sandbox itself, the Fintech firm is usually pro-
financially sustainable solution requires scale beyond
vided with either a restricted authorization or a temporary
what country-level markets can provide. Regional
license. They are usually designed to set a limitation on
Sandboxes may help facilitate cross-border expansion
the range of activities they are allowed to conduct or the
through shared testing programs that support harmo-
type of service that can be provided or the number of cus-
nized regulatory requirements. Regulators may also
tomers that can be served.70 The status of the firm once
find shared Sandbox facilities beneficial in reducing
the Sandbox cycle is complete is important and should be
the potential for regulatory arbitrage across individual
well-thought-out prior to launching the Sandbox.
Sandbox jurisdictions.
BOX 12
Thematic Regulatory Sandboxes in Sub-Saharan Africa64
Thematic Regulatory Sandboxes can promote and encourage innovation which focuses on accomplishing policy
priorities, such as Financial Inclusion. Evaluation criteria, in the Sierra Leone Sandbox framework require an appli-
cant to demonstrate how its proposed innovation can advance the country’s national financial inclusion strategy
(NFIS). The framework also allows for Inclusion objectives to be bound to Sandbox participants through the
requirement that the underserved be included in Sandbox testing (collecting vital information and data about
their needs) and/or being a direct beneficiary of the proposed innovation after deployment. Incentives may also
be offered to innovators who primarily address financial inclusion objectives.65
The Financial Sector Deepening Africa (FSD Africa) Network, in conjunction with financial and technical sup-
port from partnering organizations and respective central banks, launched ‘Fintech challenge’ contests in Sierra
Leone and Mozambique—two developing countries in Sub-Saharan Africa with high unbanked populations.
These challenges represented an effort to promote, attract and catalyze development of local Fintech innovation
to create beneficial solutions to the country, specifically encouraging innovation in providing financial services
to the underserved. The contest funding provided a vital injection of seed capital to local innovators, an invest-
ment similar to an Accelerator. Contest winners who addressed areas of need were awarded cash prizes and
invited to participate in the subsequent launch of a ‘thematic’ financial inclusion focused Regulatory Sandbox
pilot program.
22 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
� BOX 13
The Global Financial Innovation Network (GFIN)
In early 2018, the United Kingdom’s Financial Conduct Authority (FCA) proposed a global Sandbox—for firms to
test innovative products, services, or business models across more than one jurisdiction. It aimed at creating a
platform for cooperation between financial service regulators on innovation related topics by sharing their expe-
riences and approaches. The Global Financial Innovation Network (GFIN) was formally launched in January 2019
by an international group of financial regulators and related organizations, including the World Bank Group.
GFIN now comprises of a network of 38 (and counting) organizations committed to supporting financial innova-
tion pertinent to consumer interests. It seeks to provide innovative firms with an efficient way of interacting with
regulators across jurisdictions, while scaling their ideas. The response to establishing GFIN as a practical method
for collaboration and cross-border testing has been wholly positive across leaders from the industry as well as
international regulators.
The objectives of GFIN are three-fold:
i. �To act as a network of regulators to collaborate and share experience of innovation in respective markets,
including emerging technologies and business models, and to provide accessible regulatory contact infor-
mation for firms.
ii. To provide a forum for joint Regtech work and collaborative knowledge sharing/lessons learned.
iii. To provide firms with an environment in which to trial cross-border solutions.
In order to achieve these objectives, they have organized themselves into three workstreams that directly reflect
each of the three objectives. Early responses to the convening of the network included welcoming the need
for regulatory cooperation, and a platform to collaborate on common challenges or policy questions that firms
faced across different jurisdictions.
In June 2019, the network published their key milestones from the one year of operation68 including recognizing
the need for a standard assessment process to assess eligibility for cross-border trials and increased cooperation
between regulators.
There are essentially 4 options available to the firms at 2. Regulatory Change: This is the recognition that the
exit. They are: regulatory framework as it currently stands is not ade-
quate and requires a regulatory change to support this
1. Full authorization: If the test is successful, and the firm
new type of business model. Policymakers should be
is deemed capable of being suitable for the market,
ready and willing to face this outcome before embark-
the firm applies for full authorization so the restricted
ing on a Regulatory Sandbox.
authorization or temporary licensing can be removed.
At this point any relaxed legal and regulatory require- 3. Extension: Firms can also apply to extend the period in
ments expire and the Sandbox entity must either begin the Sandbox test environment if conclusive results are
to legally operate or exit from the Regulatory Sand- not obtained. However, this should be used sparingly
box. To be eligible to migrate to full authorization and as otherwise it bears the risk of an extended period
licensing, policymakers should consider the require- of operating with exemptions. Should an extension be
ments that an applicant may need to demonstrate required, a formal application for extension including
to show it has achieved its intended test outcomes, the time-period for which extension is required should
can comply with relevant or revised legal / regulatory be made by the firm. The decision to grant an exten-
requirements, and is ready to deploy the innovation on sion is often under the sole discretion of the regulator.
a broader scale.
THE DIFFERENT REGULATORY APPROACHES 23
� FIGURE 8: A Typical Sandbox Lifecycle
EXIT
Extension of temp. license
Full license
Cease and desist
Regulatory change
Applicants submit
MONITOR a proposal to the
Ongoing evaluation
and monitoring by Sandbox
authority
ELIGIBILITY
TEST Assessment against
Testing period Sandbox objectives
usually 6–12 and eligibility
months criteria
TEST DESIGN EVALUATION
Risk protection Evaluate whether
AML/CFT disclosure firms are suitable
Consumer for testing in the
protection sandbox
4. Cease and Desist: This can take place at any time dur- Regulatory Sandboxes can generate concrete evi-
ing the testing phase. If the testing has revealed to the dence on how new technologies work in practice and
firm and the regulators that it is not suitable for the can prove a useful tool providing valuable insights to
market, either due to the lack of readiness or the need policymakers when used appropriately. However, they
for the product not clear within the market. Some firms are but one tool available to regulators and are not a
have also changed their business model and offering turnkey recipe for unlocking financial innovation. In fact,
based on the results and reactions during the test- other than in cases where it is being used to increase
ing phase. A cease and desist plan should include an competition, Sandboxes are most useful only in those
orderly wind-down and should have been included as cases where there is a need to resolve regulatory ques-
part of the firm’s initial application process. This is so tions with evidence derived from experimentation. For
that all obligations are addressed. instance, in Singapore, MAS used their Sandbox to test
the predictive accuracy of insurance policy bots and in
Malaysia the accuracy and efficiency of digital ID solu-
24 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�FIGURE 9: Exit Options at the end of testing period improve the familiarity of the regulator with
Fintech products, concepts and firms: their
Deploy solution in strengths and weaknesses, their implications
the market with for financial markets, and their potential
necessary approvals
applications in inward focused operations;
while giving Fintech firms some insight into
Consider need for the emerging questions and needs central
regulatory change banks might have, as policymakers, regula-
End of test tors and operators.
period
A Regulatory Accelerator should not be con-
Extend test peiod fused with an Industry Accelerator. The key dif-
if needed
ferences between common facets of the two
are highlighted in the table below.
Accelerators adopted by public authorities
Not successful?
Cease & Desist commonly function by developing specific
use cases that are characteristic of challenges
faced by the authority, and the private sector is
tions was explored using the Sandbox established by invited to address these use cases through the use of inno-
Bank Negara. The ancillary benefits—such as to form vative and emerging technologies. The Bank of England
better insights into the market, intelligence on trends (BoE) launched one of the first central bank run Fintech
and emerging risks, signaling by the regulator—can be Accelerators (see Box 14 below) to undertake structured
delivered by programs other than Sandboxes. Sand- Proofs of Concept (PoCs) for use cases that were relevant
boxes increase the need for a skillful supervision and for the central bank.
as this emerging field develops, supervisory authorities
The concept used by the Bank of England was used to
might need to be granted enough power and resources
develop the Regtech for Regulators or R2A. An initia-
to exercise effective prudential supervision.
tive by the Bill & Melinda Gates Foundation, Omidyar
Regulators should look to other jurisdictions to under- Network, the US Agency for International Development
stand lessons learned, with the added realization that (USAID) and implemented by Bankable Frontier Associ-
Sandboxes are context specific. Authorities can, and ates (BFA). R2A partnered with financial sector authorities
should, use a combination of regulatory tools and Inno- to understand key challenges in regulation, market super-
vation Facilitators to provide a holistic program to stim- vision, and policy analysis with the explicit aim to identify
ulate innovation and growth through a controlled and technology-based solutions to solve them. The initiative
regulated but not restrictive environment. However, was launched in October 2016 and has thus far partnered
Sandboxes and other structured regulatory approaches with the Bangko Sentral ng Pilipinas (BSP) (See Box 15
should not be a substitute for building effective, perma- below) and with the Mexican Comisión Nacional Bancaria
nent regulatory and legal frameworks that may eventu- y de Valores (CNBV) to develop and test prototypes of
ally need to be established. emerging technology solutions to supplement their work
as regulators.
Solutions have also been identified using a “hack-
Regulatory Accelerators or Regtech Labs
athon” type process that introduces the idea of a timed
An Accelerator for regulators enables partnership competition to solve pre-determined use cases. One
arrangements between innovators or Fintech firms and illustration of this regulator driven process are the “Tech-
government authorities to ‘accelerate’ growth, inno- Sprints” conducted by the Financial Conduct Authority
vate on shared technologies, and develop use cases (FCA). They range from one to three-day events run by
that are particular to that authority. The development of the regulator to bring diverse market participants from
Suptech71 (supervisory technology) or Regtech (Regula- established firms to technologists, innovators and even
tory Technology) solutions often stem from a Regula- academics together to work collaboratively on technol-
tory Accelerator or a Regtech Lab. They are used to ogy-based solutions to challenges shared by the finan-
THE DIFFERENT REGULATORY APPROACHES 25
� TABLE 1: Industry Accelerators versus Regulatory Accelerators.
INDUSTRY ACCELERATORS REGULATORY ACCELERATORS
Purpose To help ventures define and To work with innovative firms, helping them
build initial products and identify understand the central bank/regulator’s/policy
consumers and investors maker’s needs, and support the policymaker
to understand emerging technology.
Duration of firm engagement 3-6 months Usually shorter at 1–3 months
Business model Investment in successful firms Non-profit, no equity taken
(can also be non-profit)
Selection Competitive, in cohorts Competitive, in cohorts
Venture Stage Range from Early to Late Generally later stages only
Programme Structured programme similar for PoCs structured according to use cases
all firms in the cohort, culminating in and success criteria specific to the public
a demo day institution. No comparison between firms
Resourcing and Mentorship Primary resourcing from start-up Start-up staff work with the public institution’s
staff but with support from mentors subject matter experts
Venture Location On-site Mostly off-site
*Note that details are for illustrative purposes and not all accelerators are designed in exactly this way.
Source: Adapted from Andrew Hauser Speech, BoE. https://www.bankofengland.co.uk/speech/2017/the-boes-Fintech-accelerator-what-have-we-done-
and-what-have-we-learned.
cial services industry.73 Another example of this kind of These initiatives can be used to test solutions in emerging
timed competition, is the Global Fintech Hackccelera- economies and can be useful ways to streamline think-
tor74 launched by the Monitory Authority of Singapore ing and solutions. This topic is explored in more detail in
(MAS) which offers a 12-week virtual programme and the upcoming WBG paper on Suptech solutions to sup-
gives participants the opportunity to win a cash stipend. port supervisory functions of both conduct and prudential
They do this by partnering with Fintech firms who work supervision. Accelerators tend, for the most part to work
competitively to develop market solutions to financial on solutions that help financial authorities regulate and
sector challenges. supervise the marketplace more effectively and efficiently.
The solutions can support the authorities implement their
Such initiatives are useful in breaking down silos, focus- mandates while an added benefit is the ability to provide
ing solutions and catalyzing new thinking while keeping in hands on experience for regulators on innovative technol-
mind regulatory constraints and objectives. Moreover, as ogy especially as more and more firms in the marketplace
solutions are created and deployed in real-time, they are begin to use these technologies. It is important to note
an agile method to prove or disprove a concept quickly. here that firms that apply to work on an Accelerator are in
Use cases can range from Regtech questions such as: most cases not regulated by the financial institution they
identifying solutions to improve the efficiency of regula- apply to work with, but rather they are providing more of
tory reporting, or the use of technology to optimize col- a streamlining of operations. This is preferable to avoid
lateral risk management, or Suptech solutions to support conflicts of interest of regulating a firm that is providing
better detection of money laundering and financial terror- services to the authority.
ism, to consumer facing solutions to increase youth finan-
cial literacy.
26 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�BOX 14
Fintech Accelerator: Bank of England (BoE)
The BoE launched a Fintech Accelerator in June 2016 to help it harness Fintech innovations for central banking
purposes. It worked with small cohorts of successful applicants on short Proofs of Concept (PoC) in priority areas,
such as cyber-resilience, desensitization of data and the capability of distributed ledger technology.
Using an open and competitive application process, the BoE Accelerator helped the central bank create a frame-
work to reach an array of Fintechs who could collaborate directly with different business areas within the Bank.
The aim was to be agile: testing the solution and the technology fast and if necessary, failing fast, to prove the
concept within an average period of 3 months.
Main Functions of the BoE Accelerator
The Accelerator provided the BoE with a number of tangible and intangible benefits; from enabling a faster path
to engaging with start-ups and streamlining the product and testing environment, to the development of intelli-
gence on growing market trends, and importantly gaining first-hand experience of a range of new technologies,
while evaluating their application both to the Bank’s own functions and in the wider market; through to being a
catalyst for innovation within the Bank.
FIGURE 10: BoE Accelerator Process
PoC Insights Topical
demos pieces seminars
Internal
Outreach to
knowledge
business access sharing
Application Proof of concept Write-up/
process process publication
Engagement
Market with:
intelligence
FinTech Supervised Regulators
industry firms
*Adapted from Bank of England website
THE DIFFERENT REGULATORY APPROACHES 27
� BOX 15
Bangko Sentral ng Pilipinas Case Study72
The Challenge: Bangko Sentral ng Pilipinas (BSP) constantly dealt with numerous customer complaints making
it challenging to ensure that they were all dealt with adequately and in a timely fashion. The central bank was
heavily reliant on manual processes and relatively outdated technologies such as direct mail and call centers to
field complaints or queries and provide timely resolutions.
The Use Case: To help solve for this problem, R2A worked with the central bank to develop a clear and detailed
use case for a chatbot application and a complaints management system. They recognized that Artificial Intelli-
gence (AI) and Big Data could have the potential to even out many of the pain points in complaints aggregation,
processing, and analysis. The use case was advertised publicly, and firms were invited to submit a proposal on
how they would conduct a Proof of Concept (PoC) to resolve the challenge.
The Solution: A selection committee that drew from global experts selected a vendor that best met the func-
tional and design requirements of the use case. Some of the design elements included allowing consumers to
file complaints through their mobile handsets via either an app or SMS and the ability to delegate all routine
tasks to the chatbot such as initial screening and directing non-BSP complaints to the right institution. The solu-
tion ensured that human interaction and intervention was used for more complex or nuanced tasks such as the
analysis of recurrent types of frauds and onsite inspections.
The Outcomes:
• The solution was estimated to have provided a time saving of 1 to 2 weeks per month for complaints analysis;
• It enabled BSP to have visibility over customers’ experience, which could then be used to improve experience;
• The data and insights gathered through the chatbot could additionally be used to verify compliance with mar-
ket conduct regulation and develop policies that are informed by knowledge of users’ needs and challenges.
An interesting and unexpected development was that although the chatbot was programmed to be proficient in
both English and Tagalog, numerous requests were coming in a mixture of the two languages. The bot has since
been teaching itself how to speak “Taglish”—a hybrid of English and Tagalog!
FIGURE 11: BSP Chatbot Application Process
Central Bank Complaints Electronic portal for Supervised
resolution supervised entities entities
database
Call center complaint
Chatbot management interface
Complaint
application case CaseManager™
database
Consumer
specialist
SMS
API Gateway Gateway
Facebook SMS Future Voice calls Mail Emails Kiosks and Walk-ins
28 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
� ronment.76 In 2016, the EU also adopted the General Data
REGULATORY APPROACH 4: Protection Regulation, which updated data privacy rules77
REGULATORY LAWS AND REFORMS first set in 1995. Another example of incremental chance
is the case in South Korea where the government enacted
The uncertainty of the regulatory framework has oft been
two laws giving regulators oversight of mobile payments
cited by firms as a barrier to growth. The need for trans-
and establishing consumer protections through their Elec-
formative regulatory change may be considered the goal
tronic Financial Transactions Act and the E-Commerce
in order to introduce lasting change and a truly enabling
Consumer Protection Act. These laws in essence extend
environment that offers Fintech the opportunity to scale.
the principles of consumer protection and disclosures to
In jurisdictions where regulators are unable to apply digital financial services and mobile payment systems.
the existing regulatory framework to new innovation,
In other cases, however, jurisdictions have applied new
emerging policy responses and regulatory reform most
laws or regulations in order to support directly the
commonly include adjusting or amending regulatory
development of the legal and regulatory framework to
frameworks to accommodate Fintech innovation (Policy
respond to the contextualized Fintech market and adjust
response 2) or creating new regulatory frameworks or reg-
accordingly, particularly in areas where the regulatory
ulations to include (or prohibit) Fintech activities (Policy
framework is either inflexible, unclear or not present.
response 3). This includes instruments such as laws or new
This could take the form of introducing a new license
regulations to extend regulatory perimeters, introduce
for a specific activity such as the new crowdfunding law
specific requirements for new class of players in the eco-
in Colombia or even introducing an overarching law for
system or to specifically prohibit certain Fintech activities.
Fintech as a whole as seen in Mexico. This section high-
In some cases, jurisdictions have applied a particular lights select examples of new regulations and the intro-
regulatory approach like wait-and-see, test-and-learn, duction of a specialized licenses for Fintechs as a policy
an Innovation Facilitator or a combination of these approach to support the development of an enabling
approaches in order to support the implementation of legal and regulatory environment for Fintech.
regulatory reform. An example of this is the case when
the e-Money license was introduced in Kenya in 201475
Introducing New Regulations,
following the test-and-learn approach to understand
Fintech Licenses and Special Charters
how the innovation would play out in the market (see Box
3). Prior to the regulation being released, the prudential Introducing a new regulation is used by some jurisdictions
and market conduct requirements and monitoring obli- as a direct response to Fintech. A now familiar example of
gations for mobile money providers were articulated in this is the umbrella Fintech Law (Ley para Regular las Insti-
the letters of no-objection granted by the Central Bank tuciones de Tecnología Financiera) issued by the Mexican
of Kenya (CBK). The National Payment systems regula- authorities as their primary approach to Fintech. In the
tion 2014 brought certainty to the market and added a case of Mexico, the jurisdiction operates under a civil law
necessary layer of consistency and considered consumer mandate and as a result the regulator is only able to work
protection measures. within the rule-based permissions (conferred upon them
by the law under which they operate). The rule-based
Incremental change of policy frameworks overtime is a permissions limited the ability of the regulator to use pro-
common policy response towards Fintech. For instance, portionality and judgement-based supervision as tools
in 2015, when the EU updated its Payment Services Direc- when regulating Fintech. In this context, taking into con-
tive (PSD2)—which governs the payments systems among sideration the objective of the regulator and the outcome
member countries- to integrate electronic transactions they intended to achieve, the issuance of an overarching
into the existing framework through strict security require- Fintech law was the most suitable approach for the case of
ments for e-payments, mandating the protection of Mexico. (See Box 13 for specifics on the law.)
consumer data and transparency of requirements for pay-
ments services, and setting the rights and obligations of Other jurisdictions have introduced new ‘Fintech licenses’
users and providers. The updated Directive also increased to respond to market needs, which is generally a license
competition and opened up the payment services market, with simplified requirements and clear limits on its per-
allowing Fintech companies to compete on a level playing missions. The license is associated with certain eligibility
field and consumers to operate in a more secured envi- criteria that is not applied on a case-by-case basis but is
THE DIFFERENT REGULATORY APPROACHES 29
� BOX 16
Using a Regulatory Reform as an Approach to Fintech in Mexico
Mexico adopted an umbrella law on Fintech (Ley para Regular las Instituciones de Tecnología Financiera) on
March 9th, 2018, following months of consultation among public and private sector stakeholders- including
banks, non-bank financial institutions, the Mexican Fintech association, banking association, and academic insti-
tutions—and the approval from the bicameral legislature of Mexico.
The Law sought to give further framing (and restriction) to Fintechs focused on certain activities—particularly in
payments, crowdfunding, and those using virtual assets as part of their business model. The Law itself introduces
a general regulatory framework, which is intended to be adapted to the constantly evolving sector using sec-
ondary regulation to cover the detail of the implementation. The Mexican Banking and Securities Commission
(CNBV), the Mexican Central Bank (Banxico), the Ministry of Finance and Public Credit (SHCP) and other financial
regulators were required to publish the corresponding enabling regulations within the 6,12 and 24 month peri-
ods following the Fintech Law’s effective date.
This approach was adopted due to the civil law mandate under which Mexico operates. The secondary legisla-
tion provides the flexibility necessary to adapt regulation to the changing environment without necessitating a
change in law. Its introduction has positioned Mexico as a progressive and attractive environment encouraging
for Fintechs, which can develop in a considered manner.
The Law builds on six governing principles: (i) facilitating financial inclusion and innovation, (ii) ensuring con-
sumer protection, (iii) safeguarding financial stability, (iv) fostering competition, and (v) protect against anti-
money laundering and combating the financing of terrorism (vi) neutral approach to supervision via technology.
To this end it has introduced:
• A legal framework for the authorization, operation and supervision of Fintech institutions domiciled in Mex-
ico (Instituciones de Tecnología Financiera, ITFs) focusing on two particular types: crowdfunding institutions
(IFCs) and electronic payment funds institutions (IFPEs).
• The legal basis for a Regulatory Sandbox environment for innovative companies, outside the established
frameworks included in the law and regulations.
• The introduction of the concept of open sharing of data for non-confidential aggregate data and for transac-
tional data with consumers’ consent through the Application Programming Interfaces (APIs).
• A provision to recognize virtual assets and regulate their conditions and restrictions of transactions and opera-
tions in Mexico.
provided for all similar activities within the market that Another example is the national administrative law in the
meet the authorization criteria set up the regulator. One European Union which gives competent authorities of
such example is the Swiss Fintech License introduced in Member States the power to grant restricted licenses.
2017 into the Banking Act, which was introduced with This is demonstrated in Germany, where supplemented
the specific intention of attracting innovative Fintech by a provision within its own national law, BaFin- the
businesses to Switzerland. The license allows licensees national regulator, is permitted to grant authorizations
to accept deposits from the public up to CHF 100 mil- for selected banking activities and financial services,
lion, but it does not allow them to invest the deposits without the need for entities to have a full banking
or to pay interest on them- which are reserved for the license. Although firms holding this type of license are
banking community. restricted in terms of their business activities, the require-
ments they must meet are scaled down proportionally as
dependent on the risk and complexity of their business.
30 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
� BOX 17
The OCC Fintech Charter
The OCC gets its authority from the National Bank Act (NBA) and is responsible for supervising national banks
that fall under federal jurisdiction and are hence exempt from state laws. The US Office of the Comptroller of the
Currency (OCC) has a long -standing practice of granting special national bank charters for banks limiting their
activities to fiduciary services, including trust banks and credit card banks.
The rise of Fintechs that were involved in the “three core banking functions”: receiving deposits, paying checks,
and lending money posed a gap for the OCC who proposed the idea of a special purpose national bank (SPNB)
charter also called the ‘Fintech charter’ in 2016 for those firms. In practise, this meant that those that applied
for this federally regulated charter would benefit from the preemption of many state laws and regulations hence
potentially easing the regulatory burden by consolidating a company’s responsibilities.
Due to the turf lines it crossed, this charter has been fraught with hurdles and lawsuits and at the time of writ-
ing no OCC Fintech charter had yet been granted since it opened for applications in July 2018. This is largely
attributable to the fact that the relationship with state regulators as well as other federal regulators has not been
made clear.
Yet, the legal context alone does not suffice to ensure ing economic function and activity rather than the entity
that the authorities use dispensation policy effectively itself, there may not be sufficient need to introduce a
and it should be effectively overlaid by capacity and new law, license or charter.
supervisory knowledge.
In addition, there can be challenges to introducing new
Other jurisdictions that have explored the route of the regulations without fully understanding the legal and reg-
Fintech license include the US Office of Comptroller of ulatory implications, and the process may not always be
the Currency (OCC) through its Fintech Charter (see box suitable for jurisdictions that require a more timely, agile
below) and the Autorite de Controle Prudentiel (ACPR) approach. The capacity of the regulator to calibrate new
and the Autorite des Marches Financiers (AMF) in France regulations effectively is critical, as suboptimal or exces-
who offer simplified licensing processes for Fintech firms sive regulation may lead to inadequate innovation or,
and may also waive particular, non-essential reporting even worse, cause highly unacceptable risks to consumers
and compliance requirements. as well as the financial system more broadly. In addition,
when introducing new laws and regulations, substantial
While regulatory reform might eventually be required
coordination is required, which often requires months of
to bring about transformational change, approaches
consultation with public and private sector stakeholders,
should be allied with the jurisdictional framework. For
industry specific focus groups and committees, and wide
instance, if a jurisdiction can adequately apply or amend
communication across key stakeholders like Fintech asso-
existing regulatory frameworks to new innovations and
ciations, banking association, and academic institutions
their business models, often by focusing on the underly-
which is quite time consuming.
THE DIFFERENT REGULATORY APPROACHES 31
� FIGURE 12: Areas in Which Authorities Have Modified Their Regulatory Framework (i.e. Expanding
the Perimeter or Introducing a New Regulation) to Address Emerging Risks from Fintech activities
18
16
14
12
10
8
6
4
2
0
East Asia Europe and Latin America Middle East North America South Asia Sub-Saharan
and Pacific Central Asia and Carribbean and North Africa Africa
Crypto-assets: Issuance, Peer to peer lending. Algorithmic/Automated trading
Exchange and Custody. and/or smart contracts.
Investment products with Mobile money / payment Others
robo-advisors. services.
Lending activities with artificial Insurance. None
intelligence and machine
learning on credit scoring.
Source: IMF-WBG BFA Survey 2019
32 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
� EVALUATING
IV THE RIGHT
REGULATORY
APPROACH
Financial sector policymakers worldwide are finding themselves in a regulatory dilemma
when trying to achieve the right balance between enabling innovative Fintech and
safeguarding the financial system. The IMF-WBG Global Fintech Survey revealed that,
roughly 73%78 of surveyed jurisdictions indicated that they were reviewing and amend-
ing their policy framework to enable Fintech investment, innovation, and adoption. This
sentiment was echoed in the WBG-CGAP survey on Innovation Facilitators.79 Under-
standing an appropriate approach to Fintech can be difficult, and prior to assessing
the best approach for Fintech, policymakers should spend sufficient time and resources
understanding and assessing the current Fintech landscape, its regulatory implications
and overall supervisory expectations for Fintech developments.
When deciding which approach or sequence of approaches to adopt in order to inform
subsequent policy responses, there are a number of considerations that need to be
made by the policymaker such as the objectives they are trying to achieve, how Fintech
plays into the overarching strategy for the country, considerations of the critical success
factors, and importantly, the country circumstance. The section below highlights some
of those variables.
Assessing Objectives, Conditions and Feasibility
Country circumstance is one of the most important considerations when debating the suit-
ability of a regulatory approach. Before a jurisdiction decides to embark down the route
of choosing an approach(s), authorities should step back and objectively review their
existing legal and regulatory framework, the stakeholder ecosystem including the private
sector and other regulatory or supervisory bodies, the capacity and resources available
to the regulator, as well as the market conditions including competition criteria and the
maturity of the Fintech market. This assessment will help policymakers understand and
identify key objectives and priorities, the feasibility of undertaking particular approaches
(given capacity and resources) and the appropriateness of that approach given the coun-
try context and its alignment to policy objectives. Variables to assess include:
The institutional mission and policy priorities: The level of experimentation that a regu-
lator is willing to allow is ultimately dependent on their statutory objectives. In the
context of individual jurisdictions, where different regulatory objectives (e.g., financial
stability, consumer protection, market conduct, competition) are mandated to different
agencies, the adoption of an approach to Fintech will also require intra-agency coor-
dination. Policy priorities also play a role here. For some jurisdictions, approaches to
EVALUATING THE RIGHT REGULATORY APPROACH 33
� Fintech were instituted with a focus on supporting mar- intensive to design and implement. Of the facilitators,
ket development objectives, such as economic growth, Innovation hubs, will likely not require the substantial
productivity and financial inclusion. While others seek to resources and capacity needed for other frameworks
understand and mitigate the potential risks from emerg- such as a Sandbox, and are useful to help jurisdictions
ing financial innovation to consumer protection, financial with limited resources to engage meaningfully in the sec-
integrity and financial stability. tor and inform their regulatory responses.
Legal and Regulatory Framework: Regulatory innovation Market conditions and Feasibility: The market conditions
initiatives have been most successful when aligned with include the inherent competition in the sector as well
a regulator’s mandate and underpinned by a sound legal as the gaps in the appropriateness of financial products
basis. Consideration should be given to the legal and reg- available, especially to certain segments of the market
ulatory framework, i.e. Civil Law, Common Law, Hybrid or such as the underserved or financial excluded. Under-
other; and what powers are available to the regulator under standing the feasibility of undertaking a particular reg-
that framework. Typically, the case is that a civil law jurisdic- ulatory approach will help determine whether benefits
tion subscribes to a rules-based approach where rules are outweigh costs. In addition to informing the initiative
encoded in law, whereas the alternative principles-based design, a feasibility assessment can provide an opportu-
approach establishes broad but articulated principles nity for the regulator to engage in substantive dialogue
allowing for supervisory discretion. However, it should be with other regulatory stakeholders, international peers,
noted that now there has been significant convergence and industry and market participants.80
between the two major legal systems and many countries
Stakeholder Ecosystem: The number, objectives and
now have a combination of their features. Notwithstand-
relationships between the stakeholders in the ecosystem
ing, a jurisdiction’s legal framework will determine the flex-
should also be carefully considered. Stakeholders include
ibility available to regulators and will define the extent to
other regulatory bodies, industry groups and incumbents
which regulators can implement legislative action such as
among others. Often, there are several regulators within
amendment of laws or grant exemptions. For example,
the same jurisdiction who are responsible for related
some legislations allow for “letters of no objection” or
but distinct supervisory activities. With the new business
“restricted authorization/licensing” or “special charters”—
models introduced by Fintechs, there is often uncertainty
all of which can be used by regulators on a case-by-case
regarding the remit they fall into which can potentially be
basis. Undertaking an assessment of the legal and regula-
exacerbated if there is a lack of co-ordination between
tory framework is a crucial first step in that it helps to clarify
the separate regulators.
if jurisdictions can apply existing regulatory frameworks
to new innovations and their business models, (often by Risks: Fintech can strengthen financial development,
focusing on the underlying economic function rather than competition, inclusion, and efficiency. But it may also
the entity) or if there is a need to initiate new laws. pose risks to consumers and investors; operational and
cyber resilience; and financial stability and integrity. These
Maturity of Fintech segment: Understanding the matu-
risks can manifest in different ways in different country
rity of the Fintech market is critical to understand the
contexts—for example the impact of new payment sys-
appropriateness of a particular regulatory approach. For
tem providers (PSP) in a country that is highly bank cen-
instance, in the case where the market may have only
tric will be decidedly different to market reactions in a
a few Fintechs in operation, applying a resource inten-
country that is unbanked or under-banked. A thorough
sive Regulatory Sandbox, may not be appropriate. For
assessment of risks is also vital in being able to develop
approaches such as a Regulatory Sandbox to function
and apply a sound measurement system to monitor and
effectively, the existence of a functioning and mature
evaluate outcomes for various policy approaches and its
entrepreneurial environment is vital. There are many
implications on resulting policy responses.
jurisdictions that have set up Sandboxes but fail to have
many, or any, applicants. For those markets where the In light of the considerations noted above, the table
Fintech ecosystem is still nascent, other Fintech tools below measures the implications of the country circum-
might be a better fit. stance against the regulatory approaches laid out in this
paper. The table below is not exhaustive and is intended
Capacity: Different approaches to Fintech make different
as an initial tool to help policymakers consider the differ-
demands on regulator capacity. In principle, structured
ent regulatory approaches and assess which approach is
Innovation Facilitators can be challenging and resource
most appropriate given their country context.
34 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
� TABLE 2: Policy Assessment and Implications with Regulatory Approaches to Fintech
WAIT-AND- SEE TEST-AND-LEARN INNOVATION FACILITATORS REGULATORY
REFORM
LETTERS OF NO WAIVERS/ RESTRICTED INNOVATION REGULATORY
OBJECTION EXEMPTIONS AUTHORIZATION HUBS SANDBOXES * ACCELERATORS
Legal and Needs to be within Require powers Usually Usually codified in No additional Require wide No additional legal pow- The efficiency with
Regulatory the scope of the to interpret law codified in law, but subjective legal powers scope of powers to ers required. Provides which this can be
Framework regulator to permit law, therefore decisions from the required to set provide restricted the ability to test, demo, conducted depends on
postponing deci- no need for regulator required. up a point of authorization, pro- and generate Proofs the overarching legal
sions until all valid subjective deci- contact portionate require- of Concept around system in which the
contingencies have sions from the ments or waivers if emerging technologies, jurisdiction operates.
occurred. regulator required. however procurement
laws might need to be
considered.
Capacity Minimal addi- No additional Require Require resources Requires dedi- Requires substan- Requires dedicated Resources dedicated
and tional resources resources for resources for for establishment cated resources tial resources for resources for establish- to Fintech might not
Resources required, however implementation establishment for establish- establishment, ment and operation. be needed, however
monitoring of the or maintenance No special ment and continuous design, supervisory capacity
activity should be are required after No special resources for operation maintenance and will need to be
conducted dispensation is resources for maintenance are monitoring. increased.
provided. maintenance required
are required
Market Relevant for markets Relevant for Relevant for Relevant for Relevant for Relevant for devel- Relevant for those Relevant for those
Conditions with limited capa- smaller markets, developed smaller markets, those markets oped markets, with regulators who want to markets where a clear
(incl. city, but keen not to with a more markets, with a contained where a need for active non-licensed improve their functioning gap in the regulatory
hinder innovation. contained scope with active scope of innovative regulator input players. and streamline compli- environment is noted.
Maturity)
Useful as an initial of innovative non-licensed services. is observed but ance.
step before embark- services. Also players. the approach
ing on other useful for non- undecided. It is
more involved traditional firms a good precur-
approaches. entering the sor to a Sandbox
financial sector. model.
Stakeholder Requires trust from Requires trust As regula- As regulators do Market trust not Requires high levels Requires trust and Regulators do not
Ecosystem the market as from the market, tors do not not make arbitrary a key factor but of trust from the market participation to make arbitrary deci-
decisions are as letters of make arbitrary decisions, trust a useful value- market, as regula- ensure success. sions and policies
discretional. objection can be decisions, from the market add to ensure tor’s decisions are are often put out to
contested trust from the is not of primary the success of discretional and consultation before
market is not relevance the hub. could be contested being passed by law
of primary underlining the impor-
relevance tance of stakeholder
buy-in.
* Often Regulatory Sandboxes also make use of the dispensations allowed under the test-and-learn approach.
EVALUATING THE RIGHT REGULATORY APPROACH
35
�� GUIDANCE FOR
V POLICYMAKERS &
CONCLUSION
The rise of Fintech has connected global financial markets and presents significant
opportunities as well challenges requiring policymakers to adapt to this rapidly meta-
morphosing sector. While policymakers have aligned on the strategic importance and
challenges, authorities now face the task of implementing practical, appropriate mea-
sures in their markets to further enable stable and orderly adoption of new technologies
and business models by the market and by regulators themselves.
In this report, we laid out the common regulatory approaches seen around the world,
the table below outlines some of the pros and cons of each regulatory approach and is
one tool to support policymakers’ decisions as they define their approach and ensuing
policy response.
There exists a fine balance and a number of pieces at play when debating and deciding
the regulatory approaches to be considered. The important point to note is that there is
no ‘perfect solution’ and like the process of iteration needed to hone a perfect business
model, the approaches regulators adopt will undergo refinement over time and adapt
to the context in which it is operating.
Before embarking on any policy approach towards Fintech, regulators should ask them-
selves (in additional to undertaking a comprehensive assessment—see Section IV):
1. Is this approach really the right tool to achieve your regulatory objective?
2. Do you have the powers and flexibility to operate this approach under the existing
legal framework?
3. Does the licensing regime allow you to grant temporary licenses/waivers (subject to
restrictions and conditions) if needed?
4. Is there interest from the market to participate in this approach?
5. Do you have the necessary data protection laws in place to protect consumers?
6. Do you have the necessary resources and supervisory capacity to set up this
approach?
7. Have you sufficiently considered implications post-approach? Would restrictions be
removed if applicable? Will regulatory change be initiated?
Undertaking an assessment of the landscape (see Section IV), taking into consider-
ation the country context, prior to selecting an approach to Fintech is a necessary first
step for all regulators. It is then the outcomes and lessons distilled from the use of
GUIDANCE FOR POLICYMAKERS & CONCLUSION 37
� TABLE 3: Evaluating the Benefits and Risks of Different Regulatory Approaches
REGULATORY BENEFITS RISKS
APPROACHES
“Wait and See” 1. Allows regulators to understand technology and its 1. Risks around consumer protection and financial
possible application(s) in the financial market prior to stability are high if left unhampered
regulatory changes 2. Has a short shelf life and should not be allowed to
2. Regulators can informally monitor trends to determine carry on indefinitely.
when and where formal intervention is performed/ 3. Needs to be carefully used for select products
required
4. Regulators need to monitor the market carefully to
3. No legislative reform required; existing regulation ensure product doesn’t develop unchecked and
continues to be upheld. cause impacts on the statutory objectives.
“Test and Learn” 1. An agile approach, where regulators grant restricted 1. Not designed to be used indefinitely
licenses or partial exemptions for new-entrants or 2. Scalability is difficult for mature Fintech markets
established intermediaries testing new technologies while due to capacity constraints on oversight
still providing oversight
3. Difficult to ensure equal treatment of participants
2. Provides an active learning environment for regulators and a level playing field; competition issues may
3. Sufficient data and experience for regulators to adjust arise
regulation or apply it accordingly 4. Insufficient monitoring and oversight, or inadequate
4. Regulators can understand risks and observe how the usage of dispensation can create risks around
market is evolving to develop a targeted regulatory consumers or restrict innovation
strategy better suited to the innovative product and
business model.
5. Builds capacity through testing and evaluation which
supports appropriate regulatory reform.
6. Suitable for most Fintech ecosystems and includes
degree of regulatory oversight.
Innovation 1. Allows regulators to better understand the Fintech market 1. Requires some dedicated resources- but less than
Facilitators: and builds capacity to support subsequent regulatory other approaches and skillset can be varied as
Innovation Hubs: reform dependent on the function.
2. Guides interactions with firms while allowing regulators to 2. Regulators should be cautious to not provide
have oversight of emerging financial products and trends. “legal” advice to firms and define the limits of
3. Supports the Fintech ecosystem and fosters an open the Innovation
dialogue with industry.
4. Allows the policymaker to understand and identify trends
before embarking on a more resource intensive approach
towards Fintech.
5. Assist regulators by informing them of potential
issues around Fintech that could be relevant for policy
development.
6. Less resource intensive relative to other innovation
facilitators
7. Suitable for all Fintech markets
Innovation 1. Allows innovators to test on a small scale, innovative 1. Requires substantial resources and capacity
Facilitators: products, services, business models and delivery to implement a Sandbox approach, as well as
Regulatory mechanisms engagement with multiple stakeholders through
Sandboxes: 2. Provides insight into the market; providing the regulator various committees
with intelligence on developments, trends and emerging 2. Not suitable for small Fintech markets and risks
risks. include that few applicants apply to the Sandbox
3. Creates open and active dialogue between regulators 3. Risk of seen to be picking winners.
and firms and brings agility to the regulatory and 4. Risk of inappropriately designed framework without
supervisory framework a clear objective in mind might result in limited or
4. More direct control over risks inappropriate applications.
5. Ability to review the existing regulations to purpose 5. Outcomes might be difficult to measure if
6. Provide a dynamic, evidence-based regulatory objectives not defined at the outset.
environment to learn from, and evolve with emerging 6. Can be deeply labor intensive
technologies
8. Suitable for larger and more developed Fintech markets
where a clear objective has been determined.
38 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�TABLE 3, continued
REGULATORY BENEFITS RISKS
APPROACHES
Innovation 1. Enables partnership arrangements between innovators or 1. Requires substantial, dedicated resources to work
Facilitators: Fintech firms and government authorities to ‘accelerate’ and develop Proofs of Concept with firms.
Regulatory growth, innovate on shared technologies, and develop 2. In-house knowledge to use and develop use cases
Accelerators or use cases that are particular to that authority is required.
Regtech Labs: 2. Allows regulators to improve familiarity with Fintech prod- 3. Issues of maintaining a level playing field and a
ucts, concepts and firms by getting “their hands dirty’. transparent process.
3. Increased collaboration between the regulators and
stakeholders to develop market solutions to financial
sector challenges
4. Assist financial authorities to regulate and supervise the
marketplace more effectively and efficiently
5. Suitable for more developed Fintech markets where
authorities are keen to test some of the Fintech tools
themselves.
New regulatory 1. To note that all the approaches described above can 1. Introduction of regulation prior to understanding
reform potentially result in regulatory reform. market movements might lead to inappropriately
2. Transformative market change might only be possible with designed regulation.
supporting regulation to support the Fintech industry. 2. More time-consuming a process and might not
3. Suitable as an initial step for more rules-based regimes be able to respond to rapidly changing market
movements.
4. Provides clarity and focus and reduces the potential for
creating an unlevel playing field
approaches and the associated regulatory tools that will space, to either regulated or unregulated firms to help
help define a regulatory response for the country (i.e. them identify opportunities for growth, and navigate
regulatory reforms). the regulatory, supervisory, policy or legal environment.
However, the results are still developing, and it is too
There is still a call for international cooperation to revise
early to draw a definitive conclusion on the outcomes.
existing international standards or develop new stan-
dards related to Fintech developments. Some authori- In parallel, policymakers should engage with the broader
ties use combinations of regulatory tools and Innovation ecosystem such as infrastructure and platforms needed
Facilitators to provide a holistic program to stimulate to support Fintech. Infrastructure includes areas such as
innovation and growth through a controlled, regulated interoperability and the development of data reposito-
environment. ries. With a growing digital economy, the role and impor-
tance of information and cybersecurity also increases,
In order for Fintech to thrive a multi-dimensional approach
adding security functions to protect critical information
needs to be adopted. Our experience has revealed that
and infrastructure. Adaptation of policy, legal and insti-
a detailed review and updating of existing laws and reg-
tutional contexts should be complemented by knowl-
ulations, combined with a defined means of communi-
edge exchange. The interdependence of our financial
cation with the regulator (such as an Innovation Hub to
systems demand that we collectively strengthen our
serve as point of contact) and in very promising cases
efforts in knowledge sharing and coordination. As the
a “test-and-learn” methodology has worked best. This
financial sector moves on from bilateral to networked
requires in-depth consideration of strategy and con-
business models, so too must international institutions
stantly fine-tuning it to suit the changing environment
and domestic authorities enhance mechanisms through
and emerging business models.
which to co-innovate, share experience and coordinate
Innovation Hubs which have been used instead of, or their efforts to promote an orderly adoption and integra-
as a complement to, a Regulatory Sandbox have shown tion of innovation. The healthy development of such an
promise of being more effective and suitable to most ecosystem will result in mutually beneficial cooperation
business needs. They are in particular—often seen as the among stakeholders, and eventually, help financial ser-
first step along a regulatory journey—providing support, vices be delivered at lower cost, higher speed and at
advice, guidance and even, in some cases, physical office better quality to more consumers.
GUIDANCE FOR POLICYMAKERS & CONCLUSION 39
� FIGURE 13: Process for applying an approach towards Fintech
TIPS FOR SUCCESS
Engage early and often with the market
Get-executive level ponsorship
Gauge Preparedness to offer regulatory relief
Facilitate interagency coordination and collaboration
1. Define objectives
Identify KPIs
and policy priorities
Focus on principles not rules
Communication with the market
6. Implement
policy 2. Assess conditions
response and feasibility
Maturity of Fintech Market
Apply existing regulatory
Legal and Regulatory Framework
framework
Risks and Capacity
Adjust existing regulatory
Market Condition and Stakeholder
framework
Ecosystem
Create new regulatory
5. Measure 3. Identify
framework
outcomes risks
4. Select
regulatory
approach Wait and See
Test and Learn
Innovation Facilitators
New Regulatory Reform
40 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�BOX 18
Tips for Success
Engage early and often with the market: Regulators can benefit from engaging with stakeholders such as
new-entrants, incumbents, individual experts, academics, industry associations and other regulatory authorities.
Undertake a feasibility assessment: Regulatory innovation initiatives can be challenging and resource inten-
sive to design and implement. A feasibility assessment may help determine whether benefits outweigh costs,
and whether the existing regulatory framework is fit for the purpose or if changes are needed.81 In addition to
informing the initiative design, the feasibility assessment is intended to provide an opportunity for the regula-
tor to engage in substantive dialogue with other regulatory stakeholders, international peers, and industry
and market participants.
Get an executive-level sponsor: Fintech cuts across a number of departments and developing a rounded
approach to it requires a different skills and perspectives. A senior internal champion to set and direct the
strategy and get senior management and industry buy-in is invaluable.
Preparedness to offer regulatory relief: Before investing significant resources in consultations and frame-
work preparation, the regulator should confirm: how the initiative fits within its statutory mandate and the dis-
cretionary boundaries within its statutory mandate and regulatory framework. Evidence from other industries
have indicated that regulatory uncertainty can increase time-to-market by nearly 33%, reduce lifetime product
revenue by 8%, and reduce startups’ valuations by 15% due to investors’ and venture capitalists’ wariness
associated with regulatory uncertainty.82 A sentiment we have seen reflected by innovators and regulators in
the financial industry alike.
Facilitate inter-agency coordination and collaboration: Strong inter-agency coordination—at the national,
cross-regional, and international level—can deliver effective regulatory innovation.
Identify KPIs (Key Performance Indicators): Regulators should be clear how success will be measured and
employ feedback loops to fine tune their regulatory approaches.
Focus on principles not rules: Where possible, regulators should focus on principles as opposed to rules-
based regulation. They should look towards regulating the activity and not the entity.
Consider your communication with the market: Several regulators use dedicated webpages as Sandbox
portals, including for application, to help raise awareness, circulate relevant documents or provide informa-
tion to firms.
GUIDANCE FOR POLICYMAKERS & CONCLUSION 41
��Annex 1: Elements of
the Bali Fintech Agenda
The 2018 Bali Fintech Agenda
Regulators are keen to facilitate innovation and encourage suitable business models in their markets, while
ensuring that the local environment is conducive but not adversely affected by technological developments.
There have been calls for greater international cooperation and guidance about how to address emerging
issues, with some also cautioning against premature policy responses. The BFA was created in response to
this and highlights 12 elements arising from the experiences of member countries. The Agenda aims to pro-
vide guidance on Fintech issues, inform dialogue with national authorities, and help shape contributions to
the work of the standard-setting bodies (SSBs) and other relevant international institutions on Fintech issues.
The 12 elements are grouped into 4 objectives:
OBJECTIVE 1: Foster enabling environment to harness opportunities
(I) Embrace the Fintech revolution
Key issues: strengthen institutional capacity; improve communication with stakeholders and
across agencies; and expand consumer education
Enable New Technologies to Enhance Financial Service Provision
(II)
Key issues: facilitate development of and fair access to telecom and Internet infrastructure;
financial infrastructure, digital IDs; digitize Government data repositories; and leverage
technology to make cross-border payments efficient.
Reinforce Competition and Commitment to Open, Free, and Contestable Markets
(III)
Key issues: treat similar risks equally, apply laws and regulations proportionately; avoid mar-
ket concentration and abuse; foster standardization and interoperability
(IV) Foster Fintech to Promote Financial Inclusion and Develop Financial Markets
Key issues: embed Fintech in national financial inclusion and literacy strategies; foster
knowledge exchange; digitize government payments; leverage Fintech to advance finan-
cial sector development.
ANNEX 1: ELEMENTS OF THE BALI FINTECH AGENDA 43
� OBJECTIVE 2: Strengthen financial sector policy framework
(V) Monitor Developments Closely to Deepen Understanding of Evolving Financial Systems
�Key issues: enable flexible data gathering frameworks to identify obstacles to innovation
and new risks
Adapt Regulatory Framework and Supervisory Practices for Orderly Development and
(VI) �
Stability of the Financial System
Key issues: ensure regulation remains adaptable and conducive to development, inclusion,
and competition; consider new approaches like Regulatory Sandbox; address new risks and
(cross-border) arbitrage.
(VIII) Modernize Legal Frameworks to Provide an Enabling Legal Landscape
Key issues: legal predictability to spur investment; legal basis for smart contracts and elec-
tronic signatures; address legal gaps
OBJECTIVE 3: Address potential risks and improve resilience
AML/CFT
(VII) Safeguard Financial Integrity
�Key
Regtech issues: mitigate AML/CFT risks that crypto-assets and other Fintech developments may
pose, potential of Regtech to strengthen AML/CFT compliance
Ensure the Stability of Monetary and Financial systems
(IX) �
Key issues: Digital currencies, distributed ledger applications to payments, lender of Last
Resort and other safety net arrangements.
(X) Develop Robust Financial and Data Infrastructure to Sustain Fintech Benefits
Key issues: Cyber security and operational risk management, risk of concentration in third-
party service providers, data governance frameworks
OBJECTIVE 4: Promote international collaboration
(XI) Encourage internal Cooperation
�Key issues: to avoid regulatory arbitrage and a “race to the bottom”, to monitor global
risks, to facilitate a global enabling regulatory and legal environment for Fintech, and to
stimulate sharing of opportunities
(XII) �Enhance Collective Surveillance and Assessment of Financial Sector Risks
IMF and World Bank can provide capacity development in the areas of financial inclusion,
consumer protection, statistics gaps, financial integrity, regulatory and legal frameworks,
and cyber security.
44 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�Annex 2: List of Known
Innovation Facilitators
(as of Sept 2019)
COUNTRY TYPE OF INITIATIVE NAME OF INITIATIVE INDUSTRY/ AREA NAME OF OPERATOR
Abu Dhabi Innovation Hub Plug and Play Abu Dhabi Global Market (ADGM)
(UAE) Financial Services Regulatory
Authority
Abu Dhabi Sandbox Fintech RegLab Abu Dhabi Global Market
(UAE) Financial Services Regulatory
Authority (ADGM)
Abu Dhabi Sandbox Digital Regulatory Sandbox Abu Dhabi Global Market
(UAE) Financial Services Regulatory
Authority (ADGM)
Australia Regtech (Incl Accelerators) Australian Securities and Investments
Commission (ASIC)
Australia Regtech (Incl Accelerators) Australian Transaction Reports and
Analysis Center (AUSTRAC)
Australia Innovation Hub ASIC Innovation Hub Australian Securities and Investments
Commission (ASIC)
Australia Sandbox Regulatory Sandbox Australian Securities and Investments
Commission (ASIC) and Australian
Prudential Regulation Authority
(APRA)
Austria Regtech (Incl Accelerators) Oesterreichische Nationalbank
(OeNB)
Austria Innovation Hub FMA FinTech Point of Contact Banking, Insurance, Finanzmarktaufsicht (FMA)
and FMA FinTech Navigator Securities and Markets
Bahrain Sandbox Regulatory Sandbox Financial Inclusion Central bank of Bahrain (CBB)
Bahrain Innovation Hub FinTech Unit Central bank of Bahrain (CBB)
Bahrain Innovation Hub Flat6Labs Tamkeen
Barbados Sandbox FinTech Regulatory Sandbox Financial Inclusion Barbados Central Bank and Financial
Services Commission (CBB & FSC)
Belgium Innovation Hub NBB Contact Point for FinTech Banking, Insurance, Financial Services and Market
and FSMA FinTech Contact Point Securities and Markets Authority (FSMA) and National Bank
of Belgium (NBB)
Bermuda Sandbox Insurance Regulatory Sandbox Bermuda Monetary Authority (BMA)
Brazil Sandbox Laboratory of Financial and Tech- Financial Inclusion Banco Central do Brazil (BCB)
nological Innovations
Brunei Regtech (Incl Accelerators) Autoriti Monetari Brunei Darussalam
(AMBD)
ANNEX 2: LIST OF INNOVATION FACILITATORS 45
� COUNTRY TYPE OF INITIATIVE NAME OF INITIATIVE INDUSTRY/ AREA NAME OF OPERATOR
Brunei Sandbox Regulatory Sandbox Autoriti Monetari Brunei Darussalam
(AMBD)
Bulgaria Innovation Hub Insurance, Securities Financial Supervision Commission
and Markets (FSC)
Canada Sandbox Regulatory Sandbox Canadian Securities Administrators
(CSA)
Canada Innovation Hub OSC LaunchPad Ontario Securities Commission (OSC)
China Sandbox Regulatory Sandbox China Banking Regulatory Commis-
sion (CBRC)
Cyprus Innovation Hub CySEC Innovation Hub Securities and Markets Cyprus Securities and Exchange
Commission (CySEC)
Denmark Sandbox FTLab Banking, Insurance, Danish Financial Supervisory
Securities and Markets Authority (Finanstilsynet)
Denmark Innovation Hub FinTech Forum Banking, Insurance, Danish Financial Supervisory
Securities and Markets Authority (Finanstilsynet)
Dubai (UAE) Innovation Hub FinTech Hive Dubai International Financial
Centre (DIFC) Sandbox Innovation Testing Licence Dubai Financial Services Authority
Dubai (UAE) Sandbox Innovation Testing Licence Dubai Financial Services Authority
(DIFC)
Egypt Sandbox FinTech Application Lab Central Bank of Egypt (CBE)
Estonia Innovation Hub Banking, Insurance, Estonian Financial Services Authority
Securities and Markets —Finantsinspektsioon (EFSA)
Eswatini Sandbox FinTech Regulatory Sandbox Central Bank of Eswatini
EU Sandbox Regulatory Sandbox European Banking Authority (EBA)
and European Commission (EC)
Fiji Sandbox Regulatory Sandbox Financial Inclusion Reserve Bank of Fiji (RBF)
Finland Innovation Hub Innovation Helpdesk Banking, Insurance, FIN-SA (Fianssivalvonta)
Securities and Markets
France Innovation Hub AMF FinTech, Innovation and Banking, Insurance, Autorité de Contrôle Prudentiel et
Competitivness division and Securities and Markets de Résolution (ACPR), Autorité des
ACPR FinTech-Innovation Unit Marchés Financiers (AMF)
France Innovation Hub Le Lab Banque de France Securities and Markets Banque de France
Germany Innovation Hub BaFin FinTech Banking, Insurance, Bundesanstalt für Finanzdienstleis-
Securities and Markets tungsaufsicht (BaFIN)
Hong Kong Sandbox FinTech Supervisory Sandbox Financial Inclusion Hong Kong Monetary Authority
(China) (HKMA) and Securities and Futures
Commission of Hong Kong (SFC)
Hong Kong Sandbox Insuretech Sandbox Insurance Authority
(China)
Hong Kong Innovation Hub SFC FinTech Contact Point Securities and Futures Commission of
(China) Hong Kong (SFC)
Hong Kong Innovation Hub HKMA FinTech Facilitation Office Hong Kong Monetary Authority
(China) (HKMA)
Hong Kong Regtech (Incl Accelerators) Securities and Futures Commission of
(China) Hong Kong (SFC)
Hungary Sandbox Regulatory Sandbox Banking, Insurance, Central Bank of Hungary (MNB)
Securities and Markets
Hungary Innovation Hub MNB Innovation Hub Central Bank of Hungary (MNB)
Hungary Innovation Hub MKB FinTech Lab Magyar Külkereskedelmi Bank
46 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�COUNTRY TYPE OF INITIATIVE NAME OF INITIATIVE INDUSTRY/ AREA NAME OF OPERATOR
Iceland Innovation Hub Banking, Insurance, Financial Supervisory Authority (FME)
Securities and Markets
India Sandbox Regulatory Sandbox Financial Inclusion Reserve Bank of India (RBI)
India Sandbox Regulatory Sandbox Financial Inclusion Insurance Regulatory and Develop-
ment Authority of India (IRDAI)
India Sandbox Regulatory Sandbox E-Governance State of Maharashtra
India Regtech (Incl Accelerators) Regulatory Sandbox Financial Inclusion Unique Identification Authority of
India (UIDAI)
India Sandbox Regulatory Sandbox Capital markets Securities and Exchange Board of
India (SEBI)
Indonesia Sandbox Regulatory Sandbox Financial Inclusion Otoritas Jasa Keuangan (OJK)—
Financial Services Authority
Indonesia Innovation Hub OJK Infinity Otoritas Jasa Keuangan (OJK)—
Financial Services Authority
Indonesia Sandbox Regulatory Sandbox Bank Indonesia
Ireland Innovation Hub Banking, Insurance, Central Bank of Ireland (CBI)
Securities and Markets
Israel Sandbox Regulatory Sandbox Israel Securities Authority (ISA) , Bank
of Israel, and Ministry of Finance
Italy Innovation Hub Canale FinTech Banking Banca D'Italia
Italy Regtech (Incl Accelerators) Insurance, Securities Institute for insurance supervision
and Markets (IVASS)
Jamaica Sandbox Regulatory Sandbox Bank of Jamaica
Japan Innovation Hub FSA FinTech Support Desk Japan Financial Services Agency
Japan Innovation Hub BoJ FinTech Center Bank of Japan (BoJ)
Japan Sandbox Regulatory Sandbox Tokyo Metropolitan Government
Japan Regtech (Incl Accelerators) Bank of Japan (BoJ)
Japan Sandbox FinTech Proof of Concept Hub Japan Financial Services Agency and
Government
Jordan Sandbox FinTech Regulatory Sandbox Financial Inclusion Central Bank of Jordan (CBJ)
Kazakhstan Sandbox FinTech Regulatory Sandbox Financial Inclusion Astana Financial Services Authority
(AFSA)
Kenya Sandbox FinTech Sandbox Financial Inclusion Kenya Capital Markets Authority
(CMA)
Kenya Regtech (Incl Accelerators) Kenya Capital Markets Authority
(CMA)
Kuwait Sandbox Regulatory Sandbox Central Bank of Kuwait
Latvia Innovation Hub Innovation Centre Banking, Insurance, Financial and Capital market Com-
Securities and Markets mission (FCMC)
Liechtenstein Innovation Hub Regulierungslabor Banking, Insurance, Financial Market Authority (FMA)
Securities and Markets
Lithuania Sandbox Regulatory Sandbox Banking, Insurance, Bank of Lithuania
Securities and Markets,
(Financial Inclusion?)
Lithuania Innovation Hub Bank of Lithuania
Lithuania Regtech (Incl Accelerators) Bank of Lithuania
Lithuania Sandbox LB Chain Banking, Insurance, Bank of Lithuania
Securities and Markets
(Financial Inclusion?)
ANNEX 2: LIST OF INNOVATION FACILITATORS 47
� COUNTRY TYPE OF INITIATIVE NAME OF INITIATIVE INDUSTRY/ AREA NAME OF OPERATOR
Luxembourg Innovation Hub Banking, Securities and Commission de Surveillance Du
Markets Secteur Financier (CSSF)
Malaysia Sandbox FinTech Regulatory Sandbox Financial Inclusion Bank Negra Malaysia (BNM)
Malaysia Innovation Hub Financial Technology Enabler Bank Negra Malaysia (BNM)
Group
Malta Sandbox Cryptocurrency Sandbox Malta Gaming Authority
Mauritius Sandbox Regulatory Sandbox Financial Inclusion Economic Development Board
Mexico Sandbox Regulatory Sandbox Financial Inclusion National Banking and Securities Com-
mission (CNBV), Ministry of Finance,
and Bank of Mexico (Banxico)
Mexico Regtech (Incl Accelerators) Comisión Nacional Bancaria y de
Valores (CNBV)
Mexico Regtech (Incl Accelerators) Comisión Nacional del Sistema de
Ahorro para el Retiro (CONSAR)
Mozambique Sandbox Regulatory Sandbox Central Bank of Mozambique and
Financial Sector Deepening
Mozambique (FSDMoc)
Netherlands Sandbox Regulatory Sandbox Banking, Insurance, Autoriteit Financiële Markten (AFM)
Securities and Markets and De Nederlandsche Bank (DNB)
Netherlands Innovation Hub InnovationHub AMF and DNB Autoriteit Financiële Markten (AFM)
and De Nederlandsche Bank (DNB)
Netherlands Regtech (Incl Accelerators) Banking, Insurance, De Nederlandsche Bank (DNB)
Securities and Markets
Nigeria Regtech (Incl Accelerators) Central Bank of Nigeria (CBN)
Nigeria Regtech (Incl Accelerators) Nigeria Inter-Bank Settlement System
Nigeria Sandbox Financial Industry Sandbox Financial Inclusion Central Bank of Nigeria and Nigeria
Inter-Bank Settlement System (NIBSS)
Norway Innovation Hub Regulatory Sandbox Banking, Insurance, Norwegian Parliament and Norgess
Securities and Markets Bank
Norway Sandbox Regulatory Sandbox Norway Finance Ministry
Peru Regtech (Incl Accelerators) Superintendencia de Banca y Seguros
del Perú (SBS)
Philippines Sandbox Regulatory Sandbox Financial Inclusion Bangko Sentral Ng Philipinas (BSP)
Philippines Regtech (Incl Accelerators) Bangko Sentral Ng Philipinas (BSP)
Poland Sandbox Regulatory Sandbox Banking, Insurance, Komisja Nadzoru Finansowego (KNF)
Securities and Markets
Poland Innovation Hub Banking, Insurance, Komisja Nadzoru Finansowego (KNF)
Securities and Markets
Portugal Innovation Hub InsurTech—Portugal FinLab Insurance regulator, Banking regula-
tor, securities market commission,
and Portugal fintech
Portugal Innovation Hub Startup Lisboa Banking, Insurance, Banco de Portugal (BdP), Comissao
Securities and Markets do Mercado de Valores Mobiliarios
(CMVM), Autoridade de Supervisao
de Seguros de fundos se Pensoes
(ASF)
Republic of Innovation Hub Seoul Metropolitan Government
Korea
Republic of Sandbox Regulatory Sandbox loans, insurance, Financial Supervisory Service (FSS)
Korea capital market, credit,
banking and data
48 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�COUNTRY TYPE OF INITIATIVE NAME OF INITIATIVE INDUSTRY/ AREA NAME OF OPERATOR
Romania Innovation Hub InsureTech Innovation Hub Insurance, Securities Fianncial Supervisory Authority (ASF)
and Markets
Russia Regtech (Incl Accelerators) Central Bank of Russia (CBR)
Russia Sandbox Regulatory Sandbox Financial Inclusion Central Bank of Russia (CBR)
Rwanda Regtech (Incl Accelerators) National Bank of Rwanda (BNR)
Saudi Arabia Sandbox Regulatory Sandbox Saudi Arabian Monetary Authority
(SAMA)
Serbia Sandbox Regulatory Sandbox National Bank of Serbia (NBS)
Sierra Leone Sandbox Regulatory Sandbox Financial Inclusion Bank of Sierra Leone (BSL)
Singapore Sandbox FinTech Regulatory Sandbox Financial Inclusion Monetary Authority of Singapore
(MAS)
Singapore Innovation Hub MAS Financial Technology and Monetary Authority of Singapore
Innovation Group (MAS)
Singapore Innovation Hub Global FinTech Hackcelerator Monetary Authority of Singapore
(MAS)
Singapore Regtech (Incl Accelerators) Monetary Authority of Singapore
(MAS)
Spain Sandbox Banking, Insurance, Ministerio de Economia y Empresa
Securities and Markets
Spain Sandbox Regulatory Sandbox Spanish FinTech and InsureTech
Association (AEFI)
Spain Innovation Hub FinTech/Innovation Portal Securities and Markets Comission Nacional del Mercado de
Valores (CNMV)
Sri Lanka Sandbox Regulatory Sandbox Central Bank of Sri Lanka (CBSL)
Sweden Innovation Hub Finansinspektionen’s Innovation Banking, Insurance, Financial Supervision Authority (FI)—
Hub Securities and Markets Finansinspektionen
Sweden Regtech (Incl Accelerators) Sveriges Riksbank
Switzerland Sandbox Regulatory Sandbox Swiss Federal Council and Swiss
Financial Markets Supervisory
Authority (FINMA)
Switzerland Innovation Hub FINMA FinTEch Swiss Federal Council and Swiss
Financial Markets Supervisory
Authority (FINMA)
Taiwan Sandbox Regulatory Sandbox Financial Supervisory Commission
Thailand Sandbox Regulatory Sandbox Financial Inclusion Bank of Thailand (BoT)
Thailand Innovation Hub Securities and Exchange Commission
Thailand Regtech (Incl Accelerators) Bank of Thailand (BoT)
Turkey Sandbox
Uganda Sandbox Regulatory Sandbox Operator(s) To Be Confirmed
UK Sandbox Regulatory Sandbox Banking, Insurance, Financial Conduct Authority (FCA)
Securities and Markets
UK Innovation Hub FCA Innovate Banking, Insurance, Financial Conduct Authority (FCA)
Securities and Markets
UK Regtech (Incl Accelerators) Financial Conduct Authority (FCA)
UK Regtech (Incl Accelerators) Bank of England (BoE)
USA Sandbox FinTech Sandbox Financial Inclusion Arizona State Regulators
USA Sandbox No-Action Letters and (proposed) Bureau of Consumer Financial
BCFP Product Sandbox Protection (BCFP)
ANNEX 2: LIST OF INNOVATION FACILITATORS 49
� COUNTRY TYPE OF INITIATIVE NAME OF INITIATIVE INDUSTRY/ AREA NAME OF OPERATOR
USA Sandbox InsurTech Regulatory Sandbox Department of Insurance, Kentucky
USA Sandbox Regulatory Sandbox peer-to-peer lending, Utah Department of Commerce
credit extending
services, money
transmission and
certain block chain
or cryptocurrency
products
USA Innovation Hub OCC Office of Innovation Office of the Comptroller of the
Currency (OCC)
USA Innovation Hub LabCFTC Commodities and Futures Trading
Commission (CFTC)
USA Innovation Hub BCFP Project Catalyst Bureau of Consumer Financial
Protection (BCFP)
USA Regtech (Incl Accelerators) Securities and Exchange Commission
(SEC)
USA Regtech (Incl Accelerators) Bureau of Consumer Financial
Protection (BCFP)
USA Regtech (Incl Accelerators) Federal Reserve Board (FRB)
USA Regtech (Incl Accelerators) Financial Industry Regulatory
Authority (FINRA)
50 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�Endnotes
1. World Bank, Global Financial Development Report ‘Cross- 13. Unless otherwise stated, hereafter in this document
Border Lending by International Banks’ http://pubdocs. policymakers will be assumed to include regulators and
worldbank.org/en/148061509974150469/GFDR-2018- supervisors.
Chapter3.pdf 14. A separate paper dedicated to sandboxes and lessons
2. BCBS, Sound Practices ‘Implications of fintech learned will be released following this paper.
developments for banks and bank supervisors’ https://www. 15. The IMF and the WBG conducted a Global Fintech Survey
bis.org/bcbs/publ/d431.pdf (GFS) in 2019 and received 96 responses.
3. BCBS, Sound Practices ‘Implications of fintech 16. Fintech: The Experience so far: IMF-WBG report
developments for banks and bank supervisors’ https://www. 17. WBG desk-based analysis
bis.org/bcbs/publ/d431.pdf 18. 2017 World Bank Findex. https://globalfindex.worldbank.
4. BCBS, Sound Practices ‘Implications of fintech org/
developments for banks and bank supervisors’ https://www. 19. GPFI, G20 High-Level Principles for Digital Financial
bis.org/bcbs/publ/d431.pdf Inclusion https://www.gpfi.org/publications/g20-high-level-
5. Mittal, Varun. (2019). EY FinTech Ecosystem Playbook. principles-digital-financial-inclusion
10.13140/RG.2.2.14102.19521. (https://www.researchgate. 20. See Bali Fintech Agenda Element VI
net/publication/330702088_EY_FinTech_Ecosystem_ 21. BFA Elements I-IV
Playbook) 22. Unless otherwise stated, hereafter in this document
6. Definition of from IMF-WBG Bali Fintech Agenda policymakers will be assumed to include regulators and
7. Definition from FSB, Financial Stability Implications from supervisors.
FinTech ‘Supervisory and Regulatory Issues that Merit 23. World Bank and Cambridge Center for Alternative Finance.
Authorities’ Attention’: https://www.fsb.org/wp-content/ “Regulating Alternative Finance: Results from a Global
uploads/R270617.pdf Regulator Survey”. 2019
8. BCBS, Sound Practices ‘Implications of fintech 24. Bali Fintech Agenda: http://documents.worldbank.org/
developments for banks and bank supervisors’ https://www. curated/en/390701539097118625/The-Bali-Fintech-
bis.org/bcbs/publ/d431.pdf Agenda-Chapeau-Paper
9. World Bank, Global Financial Development Report ‘Cross- 25. The Global Fintech Survey collected responses from over
Border Lending by International Banks’ http://pubdocs. 100 member countries on the status in their respective
worldbank.org/en/148061509974150469/GFDR-2018- jurisdictions on the 12 elements of the BFA.
Chapter3.pdf 26. The contents of this box draw on FSB, Financial Stability
10. BCBS, Sound Practices ‘Implications of fintech Implications from Fintech—Supervisory and Regulatory
developments for banks and bank supervisors’ https://www. Issues that Merit Authorities’ Attention (cit.) https://www.fsb.
bis.org/bcbs/publ/d431.pdf org/wp-content/uploads/R270617.pdf
11. Different definitions of Fintech have been used by 27. This section draws on the Regulatory Response
international bodies and national authorities. Drawing on classifications from the Bank of International Settlements
these, this paper adopts a broad interpretation of Fintech report Policy Responses to Fintech: A Cross Country
in alignment with the Bali Fintech Agenda definition, to Overview (January, 2020) https://www.bis.org/fsi/publ/
describe the advances in technology that have the potential insights23.pdf The policy responses in this paper try to
to transform the provision of financial services spurring stay aligned to the BIS regulatory responses classified
the development of new business models, applications, respectively as (i) Regulatory Status Unchanged; (ii) Work
processes, and products. in Progress; and (iii) Fintech-Specific Regulation & Fintech
12. BFA Elements I-IV Activity Not Allowed.
ENDNOTES 51
� 28. Bank of International Settlements. Policy Responses to 44. N26 Magazine. M-PESA: how Kenya revolutionized mobile
Fintech: A Cross Country Overview. January, 2020.< https:// payments. https://mag.n26.com/m-pesa-how-kenya-
www.bis.org/fsi/publ/insights23.pdf > revolutionizedmobile-payments-56786bc09ef
29. Financial Stability Board. Financial Stability Implications 45. 45. BSG, University of Oxford. M-Pesa Practitioners Insight,
from Fintech—Supervisory and Regulatory Issues that Merit July 2017. https://www.bsg.ox.ac.uk/sites/default/files/2018-
Authorities’ Attention (cit.). 2017. https://www.fsb.org/ 06/2017-07-M-Pesa-Practitioners-Insight.pdf
wp-content/uploads/R270617.pdf 46. CGAP, Competition & Mobile Financial Services: Move Past
30. Speech by Patrick Armstrong https://www.esma.europa.eu/ “Test & Learn”. https://www.cgap.org/blog/competition-
sites/default/files/library/2016-1613_1.pdf mobile-financial-services-move-past-test-learn
31. This box draws on the work of the United States Library Of 47. A separate paper dedicated to sandboxes and lessons
Congress report “Regulation of Cryptocurrency Around learned released following this paper.
the World”. https://www.loc.gov/law/help/cryptocurrency/ 48. The IMF and the WBG conducted a Global Fintech Survey
world-survey.php (GFS) in 2019 and received 96 responses.
32. Central Bank of Ireland. March 2018. Speech: Tomorrow’s 49. Fintech: The Experience so far: IMF-WBG report
Yesterday: financial regulation and technological change 50. WBG desk-based analysis
https://www.centralbank.ie/news/article/financial-regulation- 51. FINTECH: REGULATORY SANDBOXES AND INNOVATION
and-technological-change-gerry-cross HUBS: https://eba.europa.eu/documents/10180/2545547/
33. A trust account is a legal arrangement through which funds JC+2018+74+Joint+Report+on+Regulatory+Sandboxes+a
or assets are held by a third party (the trustee) for the nd+Innovation+Hubs.pdf
benefit of another party (the beneficiary), which may be an 52. Medium. OJK Infinity to Create Friendly Fintech Ecosystem
individual or a group. The creator of the trust is known as a in Indonesia. https://medium.com/@indonesiagodigital1/
grantor or settlor. ojk-infinity-tocreate-friendly-fintech-ecosystem-in-indonesia-
34. Cato Institute. ‘An Analysis of the PBOC’s New Mobile 8f2afa7958b9
Payment Regulation’. February, 2019. https://www.cato. 53. World Bank and Cambridge Center for Alternative Finance.
org/cato-journal/winter-2019/analysis-pbocs-new-mobile- “Regulating Alternative Finance: Results from a Global
payment-regulation Regulator Survey”. 2019
35. PYMNTS. Protests Mark China’s Ruptured P2P Lending 54. FinDev Gateway. CGAP-World Bank: Regulatory Sandbox
Landscape. August, 2018. https://www.pymnts.com/news/ Global Survey (2019). https://www.findevgateway.org/slide-
international/2018/china-protestors-p2p-lending-regulation- deck/2019/07/cgap-world-bank-regulatory-sandbox-global-
fraud-debt/ survey-2019
36. South China Morning Post. China’s P2P lending crisis 55. BIS Innovation Hub. https://www.bis.org/topic/fintech/hub.
worsens as second firm runs into trouble in a week. January, htm
2019. https://www.scmp.com/business/banking-finance/ 56. OpenGovAsia. Hong Kong Working to Foster FinTech
article/2180731/chinas-p2p-lending-crisis-worsens-second- Ecosystem. https://www.opengovasia.com/hong-kong-
firm-runs-trouble working-to-foster-fintech-ecosystem/
37. The ‘Home of Online Lending’ is an industry data and 57. CTMFile. Emergency UK government loans only appeal to
intelligence company (wdzj.com) which provided analytics half of business owners. https://ctmfile.com/story/bis-opens-
for the sector. innovation-hub-centrein-singapore
38. FinExtra. The Rise and Fall of P2P Lending in China. April, 58. SNBCHF. SNB and BIS sign Operational Agreement on
2019. https://www.finextra.com/blogposting/17107/the-rise- BIS Innovation Hub Centre in Switzerland. https://snbchf.
and-fall-of-p2p-lending-in-china com/2019/10/snb-2019-snb-bis-operational-agreement-bis-
39. The “1+3” system comprises overall interim measures innovation-hub-centre-switzerland/
(2016), guidelines for record-filing (2016), guideline for client 59. Both Financial and non-financial regulators have set-up
fund depository business (2016) and guidelines for business sandboxes. However, for the purposes of this paper we are
disclosure (2017). referring to regulators and supervisors in the financial sector
40. FinExtra. The Rise and Fall of P2P Lending in China. April, unless otherwise stated.
2019. https://www.finextra.com/blogposting/17107/therise- 60. Notes adjunct to the Bali Fintech Agenda
and-fall-of-p2p-lending-in-china 61. UNSGA. Early Lessons on Regulatory Innovations to
41. GSMA, Tanzania Enabling Mobile Money Policies. https:// Enable Inclusive Fintech. https://www.unsgsa.org/
www.gsma.com/mobilefordevelopment/wp-content/ files/2915/5016/4448/Early_Lessons_on_Regulatory_
uploads/2014/03/Tanzania-Enabling-Mobile-Money-Policies. Innovations_to_Enable_Inclusive_FinTech.pdf
pdf 62. See CGAP blog https://www.cgap.org/blog/growing-
42. GSMA, Mobile Money in the Philippines – The Market, trend-financial-regulation-thematic-sandboxes on thematic
the Models and Regulation. https://www.gsma.com/ sandboxes
mobilefordevelopment/wp-content/uploads/2012/06/ 63. Medium. The Japan FSA Regulatory Sandbox. https://
Philippines-Case-Study-v-X21-21.pdf medium.com/tokyo-Fintech/the-japan-fsa-regulatory-
43. AFI. Case Study - Enabling mobile money transfer: The sandbox-b7e9f38e962e
Central Bank of Kenya’s treatment of M-Pesa. https://www. 64. The State of Regulatory Sandboxes in Developing
afi-global.org/sites/default/files/publications/afi_casestudy_ Countries, Wechsler, M, Perlman, L, and Gurung,
mpesa_en.pdf
52 HOW REGULATORS RESPOND TO FINTECH: EVALUATING THE DIFFERENT APPROACHES—SANDBOXES AND BEYOND
�65. BSL (2017) Sierra Leone Fintech Challenge 2017, available to manage their finances. These third-party providers
at https://bit.ly/2PfiIFx ; UNCDF (2018) The Sierra Leone could include telecommunication companies, social media,
Fintech Initiative in the Words of the Fintechs, available at shopping platforms, or value-added service providers,
https://youtu.be/hqSV-_qobOQ offering, for instance, facilitated transfers, an aggregate
66. UNSGSA. Regulatory Sandboxes Not Always the overview of a user’s account information from several banks,
Answer for Regulating Inclusive FinTech, Says New or financial analysis and advice, while the customers’ money
Report Commissioned by the UNSGSA ‘Early Lessons remains safely stored in the current bank account.
on Regulatory Innovations to Enable Inclusive Fintech: 78. The regulation expanded the scope of data privacy to cover
Innovation Offices, Regulatory Sandboxes, and Regtech’. any company that processes personal data for EU residents
https://www.unsgsa.org/resources/news/regulatory- and strengthened the conditions for consumer consent,
sandboxes-not-always-answer-regulating-inclusive/ mandating that requests for information be issued in clear
67. Inter-American Development Bank & Finnovista, Fintech and easily accessible form. The rule also made breach
Innovations that you may not know were from Latin America notifications mandatory and gave consumers the right
and the Caribbean (2017), available at: https://publications. to access their data, have it erased, or shift it to another
iadb.org/en/fintech-innovations-you-may-not-know-were- processor.
latin-america-and-caribbean 79. IMF-WBG Global Fintech Survey 2019
68. Global Financial Innovation Network – One year on. 80. FinDev Gateway. CGAP-World Bank: Regulatory Sandbox
http://dfsa.ae/Documents/Fintech/GFIN-One-year-on- Global Survey (2019) https://www.findevgateway.org/sites/
FINAL-20190612.pdf default/files/publications/2020/surevy_results_ppt_cgap_
70. Tools on how to do this will be part of a forthcoming CGAP wbg_final_20190722_final.pdf
publication. 81. UNSGSA FinTech Working Group and CCAF. (2019). Early
71. More details of how this has been employed by Lessons on Regulatory Innovations to Enable Inclusive
policymakers around the world will be contained in our FinTech: Innovation Offices, Regulatory Sandboxes, and
forthcoming paper on Experiences from Regulatory RegTech. Office of the UNSGSA and CCAF: New York, NY
Sandboxes globally. and Cambridge, UK.
72. See glossary. 82. UNSGSA FinTech Working Group and CCAF. (2019). Early
73. Adapted from A Chatbot Application and Complaints Lessons on Regulatory Innovations to Enable Inclusive
Management System for the Bangko Sentral ng FinTech: Innovation Offices, Regulatory Sandboxes, and
Pilipinas (BSP) https://static1.squarespace.com/ RegTech. Office of the UNSGSA and CCAF: New York, NY
static/583ddaade4fcb5082fec58f4/t/5c62711941920237ef and Cambridge, UK.
03d090/1549955392920/R2A+Chatbot+Case+Study.pdf 83. See Ariel Dora Stern, Innovation under regulatory
74. Interview with the UK FCA uncertainty: Evidence from medical technology, Harvard
75. Singapore Fintech Festival. GLOBAL FINTECH University, January 2014, http://www.rotman.utoronto.ca/-/
HACKCELERATOR https://www.fintechfestival.sg/global- media/Files/Programs-and-Areas/Strategy/papers/JMP_
fintech-hackcelerator Stern_Jan_2014.pdf ; Going beyond Regulatory Sandboxes
76. Legal Notice No. 109 of 2014. https://www.centralbank. to enable Fintech innovation in emerging markets, Castri
go.ke/images/docs/legislation/NPSRegulations2014.pdf et al.
77. PSD2 enables bank customers to use third-party providers
ENDNOTES 53
����