Author : Shashidhar K J

Issue BriefsPublished on May 24, 2023 PDF Download
ballistic missiles,Defense,Doctrine,North Korea,Nuclear,PLA,SLBM,Submarines

Regulatory Sandboxes: Decoding India’s attempt to Regulate Fintech Disruption

In August 2019, the Reserve Bank of India (RBI) released its final guidelines for a regulatory sandbox for fintech firms.[1] Technology innovations are disrupting the traditional financial sector, and the RBI’s regulatory sandbox exercise is an attempt to be more agile and absorb some of this disruption. ‘Sandboxes’ give regulators a chance to work with fintech innovators, mitigate potential risks and develop evidence-based policy, while fintech companies can test new products, services or business models with customers in a ‘live’ environment, subject to certain safeguards and oversight. This brief examines the current state of regulatory sandboxes in India and evaluates the successes of and the challenges to this relatively new regulatory framework and tool. It also looks at gaps the industry perceives as key and outlines future expectations. Finally, it comments on why regulators need to build other formal mechanisms of encouraging innovation.


Shashidhar K.J., “Regulatory Sandboxes: Decoding India’s Attempt to Regulate Fintech Disruption,” ORF Issue Brief No. 361, May 2020, Observer Research Foundation.


Over the last five years, India has emerged as a hotbed of innovation and entrepreneurship in the financial technology (fintech) space. Over 2000 fintech companies have set up operations in India since 2013,[2] with the country ranking second globally in fintech adoption.[3]

Such innovations and disruptions in the financial sector have often occurred in a regulatory grey area where rules are not adequately defined. For instance, mobile wallets were developed in a regulatory grey space in the late 2000s in the aftermath of the telecom sector boom. In response, the Reserve Bank of India (RBI) issued guidelines for their operation, such as limiting the amount of money that can be stored in a wallet, thereby curtailing the larger systemic risks that wallets could have posed.

In 2016, the RBI set up an inter-regulatory working group to “look into and report on the granular aspects of fintech and its implications to review the regulatory framework.”[4] In August 2019, the RBI released guidelines for a regulatory sandbox, following the recommendations of the working group.[5]

Broadly, a regulatory sandbox is a framework that allows live, time-bound testing of innovations under a regulator’s oversight. It is a contained space where incumbents and challengers experiment with designs lying on the edge of or outside the existing regulatory framework. The idea of sandboxing comes from the information technology sector, where new products are tested while the database is isolated from critical system resources and the product is necessarily not live. The regulatory sandboxes, however, test products that are already live.

This paper discusses how the RBI’s regulatory sandboxes can be used to promote innovation.  It looks at the regulatory sandboxes’ successes and challenges, presents inputs from industry experts and makes recommendations to improve the sandbox regime.

Assessing Regulatory Sandboxes

Regulatory sandboxes allow financial regulators to mitigate future risks by working with fintech innovators by having a ring-side view of the potential problems. Fintech companies, meanwhile, can test new products, services and business models with customers in a ‘live’ environment, albeit under certain safeguards and oversight. Notably, the sandbox is expected to facilitate constructive dialogue between the regulator and those regulated. Several countries have adopted regulatory sandboxes, and currently, there are 46 initiatives in various stages of implementation across the world.[6]

The modern idea of a regulatory sandbox can be traced to the US’ Project Catalyst, a programme created in 2012 by the Consumer Financial Protection Bureau (CFPB) to encourage consumer-friendly innovation and entrepreneurship for financial products.[7] The CFPB viewed Project Catalyst as an important extension of the obligations of the Dodd-Frank Wall Street Reform and Consumer Protection Act “to give all consumers access to fair, transparent, competitive, and innovative markets.”

The current regulatory sandbox framework was established by the UK’s Financial Conduct Authority (FCA) in 2015.[8] The FCA called regulatory sandboxes a ‘safe space’ where “businesses can test innovative products, services, business models and delivery mechanisms without immediately incurring all the normal regulatory consequences of engaging in the activity in question.”

In 2019, 99 organisations applied to be part of the FCA’s fifth cohort; 29 were accepted, including established banks and small startups.[9] The inclusion of banks, financial institutions and startups is a crucial feature of the regulatory sandbox as it seeks to promote competition through disruptive innovation by lowering administrative barriers and costs for testing new products.[10]

Although some experts believe it may be “too early to draw firm conclusions” on the FCA’s impact on competition, “testing indicates that the sandbox is making progress towards promoting competition in the market as firms are investing in the next wave of technologies that have the potential to improve market efficiencies and effectiveness.”[11]

Over 40 percent of the FCA’s first cohort received investment during or following their tests.[12]According to fintech firm AssetVault, which was part of the second cohort, participating in the sandbox sends investors a “positive signal” of the company’s ability to work with regulators and build differentiation in the market.[13] The sandbox also helped the company build internal discipline by focusing on processes, documentation and compliance monitoring.

About 75 percent of the firms from the FCA’s first cohort completed testing, while 90 percent of these firms continued to a broader market launch.[14] Several firms also mentioned that working with the regulator helped them build appropriate consumer protection safeguards into their products and services.

Nevertheless, several broader challenges and concerns remain. Crucially, since sandbox firms are not fully regulated, the end-users may not be fully protected.[15] Firms participating in the Monetary Authority of Singapore’s sandbox activity, for instance, are not bound by the financial consumer protection dispute resolution rules. But the companies must inform customers that they are operating in a sandbox and disclose the key risks associated with their products or services.[16] Besides, customers may see a firm’s participation in a sandbox as an endorsement from the regulator and thus think they are protected.

Firms accepted for testing in a sandbox get some leeway while traditional financial institutions are subject to full regulations, raising concerns over fairness. For instance, a lending company will be subject to net worth and capital requirements, which must be maintained at all times. However, if the company is accepted into a regulatory sandbox, these requirements may be relaxed.

Sandboxes are a resource-intensive exercise, complex to set up and costly to run. Large sums of financial resources were allocated to regulatory sandboxes, with figures ranging from US$25,000 to over US$1 million, and they required anywhere from one to 25 full-time employees.[17]

Experience from other countries shows that most of the regulatory questions in a sandbox can be answered without a live testing environment and similar results can be arrived at through formal cost-effective mechanisms, such as an innovation office.[18] Innovation offices could be set up by the regulators to regularly interact with banks, non-banks and other industry players, and serve two purposes—informing the regulator of developments in the fintech space and hosting meetings with industry players to share ideas. So, while sandboxes may be helpful in developing evidence-based policy, regulators must focus on creating more ways to engage with market participants.

It is also important to define the regulatory sandbox’s objective during the planning stage to ensure it aligns with existing priorities and to avoid a mismatch between the regulators’ motivations and its legal mandate.[19] Although “driving competition in the market” may be a key motivator for setting up a regulatory sandbox, the regulator’s legal mandate may not support it. For instance, the RBI’s preamble states that its primary function is to regulate the issue of banknotes and maintain reserves to secure monetary stability. Its other functions include the operation of currency and credit systems, framing monetary policy and maintaining price stability. Driving competition is not a key function, as per its legal mandate.

Figure 1.

Sandboxes may be valued for their regulatory relaxations. However, a survey of 31 regulatory agencies in 28 countries by CGAP and the World Bank Group revealed that the regulators’ guidance on how to fit into the existing frameworks was more beneficial than regulation waivers.[20]

Figure 2.

The survey also showed that although firms did benefit from limited temporary regulatory exemptions, they gained more from the ‘test-and-learn’ practice of trying out new ideas with a small subset of customers in a limited number of locations to observe its impact on customer experience, employee productivity and sales. This exercise requires tracking and analysing site and customer data at granular levels to closely monitor performance, raising several privacy concerns for the customer. It is thus essential for Indian regulators to understand how sandboxes tie into the proposed Personal Data Protection Bill while maintaining customers’ privacy.

Figure 3.

The CGAP-World Bank study also revealed that regulatory sandboxes serve fewer firms than accelerators and innovation hubs. The sandboxes surveyed received 522 applications but only accepted 200 firms, while innovation hubs were far more effective with 1,889 applications and 1,390 acceptances.[21]

Regulatory Sandboxes in India

In addition to the RBI, two other financial regulators have announced plans for regulatory sandboxes—the Securities Exchange Board of India (SEBI), which regulates India’s securities markets,[22] and the Insurance Regulatory and Development Authority of India (IRDAI), which oversees the insurance and reinsurance sectors.[23]

Moreover, Maharashtra, which already has policies to encourage more fintech startups, launched a sandbox through which it would expose bank application programming interfaces (APIs) to fintechs to promote open banking initiatives.[24] Major private sector banks such as HDFC Bank,[25] ICICI Bank,[26] and YES Bank[27] also have initiatives where developers are invited to create new applications through their banking APIs.

Indian regulators have opted for a different approach than the UK’s FCA sandbox. The FCA sandbox allows most financial products to be tested across multiple sectors, including payments, know your customer (KYC), debt, insurance and securities. For instance, as part of its 2019 cohort, the FCA has accepted “a travel insurance product with a bespoke medical screening process for consumers living with cardiovascular disease” from the British Heart Foundation. It also accepted an application for an identity service from Diro Labs to strengthen KYC processes.[28] In India, however, regulators want to promote product and service innovation through dedicated sandboxes for each sector. But India’s regulatory sandboxes are still in a nascent stage, and so regulators are still calibrating their rules.

SEBI’s regulatory sandbox

According to SEBI’s guidelines, all entities registered under the SEBI Act 1992 are eligible for testing in their sandbox even if they use the services of a fintech firm.[29] However, the registered entity will be the principal applicant and solely responsible for testing the solution in the sandbox. SEBI is also considering granting a limited certificate of registration to firms keen to test in the regulatory sandbox, with them being exempt from its regulatory requirements.[30]

IRDAI’s regulatory sandbox

The IRDAI’s sandbox exclusively looks at products and services in the insurance sector and has set up a panel to review applications.[31] IRDAI’s entry guidelines are relatively broad. Any applicant who wants to promote and implement innovation in insurance in India is eligible to enter the programme. However, the applicant must demonstrate the invention to the regulator and not merely apply to get a regulatory waiver. There is no specific period of testing, but the testing period ends when the number of customers crosses 10,000 or when the premium collected exceeds INR 50 lakh or by any other parameter decided by IRDAI.[32]

RBI’s regulatory sandbox

The RBI’s regulatory sandbox guidelines are more defined due to extensive consultations with industry experts.[33]

What will and won’t be considered

The RBI has said it will accept “innovative products/services” in the domains of money transfer services, marketplace lending, digital KYC, financial advisory services, wealth management services, digital identification services, smart contracts, financial inclusion products and cybersecurity products.

It will also accept “innovative technologies” such as mobile applications, data analytics, API services, applications under blockchain technology, artificial intelligence and machine learning.

The RBI has explicitly stated that it will not accept startups engaged in the creation of credit registry; credit information services; cryptocurrency or crypto assets; trading, investing and settling in crypto assets; initial coin offerings (ICOs); chain marketing services; and any product or service that has been banned by other regulators and the Indian government.

Testing period

The cohorts may run for varying periods but should ordinarily be completed within six months. The testing period varies across other sandboxes. For instance, the regulatory sandboxes in Thailand, Taiwan, Malaysia and Australia specify a 12-month test period, while the UK’s sandbox testing lasts six months.[34]

Time-bound testing in the sandbox will help regulators form evidence-based policies. Besides, the suspension of rules cannot be indefinite to avoid creating further imbalances in the broader structural market.

Relaxations and requirements

The RBI will offer several relaxations to firms entering the regulatory sandbox, including on liquidity requirements, board composition, management experience, financial soundness and company performance.

The guidelines also stipulate that entities entering the sandbox must adhere to securing customer privacy and data protection, securing storage and access of payment data and KYC details, as well as anti-money laundering and combating the financing of terrorism requirements.

Entry criteria

RBI officials have said the new guidelines are a “sea change” from the previous version due to the relaxed entry criteria.[35] Entities applying for the RBI’s regulatory sandbox must have a net worth of INR 25 lakh and be incorporated and registered in India or licensed to operate in India. This is a significant relaxation from the RBI’s April 2018 draft guidelines, which had a very narrow definition of which companies would be allowed (net worth of INR 50 lakh).[36] The RBI had initially said that only entities that “meet the criteria of a startup as per the government of India” would be allowed into the regulatory sandbox.

According to the Department for Promotion of Industry and Internal Trade (DPIIT), startups are entities incorporated as private limited companies or registered as a partnership firm or a limited liability partnership; have a turnover of under INR 100 crore in a previous financial year; were incorporated less than 10 years ago; and are working towards innovation/ improvement of existing products, services and processes, and should have the potential to generate employment/create wealth. Entities formed by splitting up or reconstructing an existing business is not considered a ‘startup’.[37]

The relaxation in criteria is welcome as innovation is not restricted to startups. Larger companies are also rolling out new products, which, if brought under the ambit of the sandbox, could help policy improve alongside their products.

Thematic approach

The RBI has adopted a thematic sandbox approach, an iteration of the regulatory sandbox regime that is used to pursue a specific policy objective instead of promoting a broad scope of innovation.[38]

For its first cohort, the RBI will accept entities that deal with retail payments[39]and are engaged in:

  • Mobile payments, including feature phone-based payment services: General innovation in mobile payment services have focused on or supported app-based access, limited to smartphones. There is a need to innovate payment services for feature phones to provide a thrust towards the enhanced adoption of digital payments. India still has an estimated 550 million feature phone users.[40]
  • Offline payment solutions: Consumer behaviour has been driving the growth of digital payment systems as more consumers embrace mobile technology. However, connectivity issues remain unresolved in large areas. Therefore, it is crucial to provide an option to make payments offline through mobile devices to further the adoption of digital payments.
  • Contactless payments: Contactless payments shorten the checkout process and ease the payment process for small-ticket transactions. The rapid growth in devices provides a significant opportunity for payments through any form and location.
On the exclusion of cryptocurrencies

India’s current regulatory environment is hostile towards cryptocurrencies and ICOs. Although the RBI clarified that cryptocurrencies were not banned, it did bar entities regulated by it, including banks, from providing services to any person or firm dealing with cryptocurrencies.[41] As a result, cryptocurrency firms and exchanges have shut down or exited India.[42] The finance ministry has said cryptocurrencies “don’t have any intrinsic value and are not backed by any kind of assets,” likening them to a Ponzi scheme.[43] At the same time, Indian regulators worry that, given its price swings, cryptocurrency trading is a matter of speculation. Meanwhile, the Supreme Court of India has overturned the RBI’s ban on cryptocurrency trading.[44]

Fundamentally, there is confusion over how cryptocurrencies should be regulated in India. If they are a ‘currency,’ the onus of regulation falls on the RBI. If they are treated as a ‘security,’ SEBI will oversee regulation.

The current adverse atmosphere in India for cryptocurrency operation could put the country at a technology disadvantage in the long run as more countries around the world adopt progressive policies. For instance, cryptocurrencies and exchanges are legal in Australia and Japan, are treated as property and subjected to taxes. In the US and Canada, cryptocurrencies are not legal tender, but exchanges are permitted. The US Securities Exchange Commission treats them as securities.[45]

Ideally, India should allow cryptocurrencies to be tested in a regulatory sandbox in a controlled environment with oversight from regulators.

Other design aspects

The RBI is expected to set up an interdepartmental group to decide which startups are admitted into the regulatory sandbox. Three people will work with the fintech firms accepted into the programme.[46]

In contrast, the UK’s FCA sandbox assigns individual case officers to support the design and implementation of each test. Case officers work closely with innovators to help them understand how their business models fit within the regulatory framework and help them build relevant safeguards during and after testing.[47]

The RBI finds assigning an individual case officer a costly and challenging affair.[48] Case officers are more resource- and cost-intensive for regulators but provide greater benefits. For instance, insurance firm Canlon said that costs associated with regulation were lower when they went through the sandbox route and “that the sandbox process with the dedicated case officer took about a month as opposed to 7-12 months to go through the application process.”[49] However, “the sandbox umbrella may require support by leading experts, yet it is uncertain whether those experts will be available for pro-bono engagement, or at all, due to conflicts or liability risk.”[50] RBI officials were receptive to the idea of setting up a helpline to answer queries but could only consider it after the first sandbox cycle ends.[51]

By mandating that fintechs entering the regulatory sandbox have a partnership with an existing bank or entity under its jurisdiction, the RBI appears to be taking a leaf from the Hong Kong Monetary Authority’s book of limiting participation to banks, although they can partner with technology companies.[52] The RBI has insisted on the bank partnership as it expects the bank to scale up the fintech’s ideas. Further, partnering with banks will give fintechs an idea of what can and cannot fit into the innovation framework. Such partnerships would allow the RBI to have regulatory oversight over the banks, which would be bound to comply with existing regulations.[53]

The RBI concedes there is a need for an inter-regulator forum for better coordination within the sandbox for cross-sector products/services. Perhaps, it can learn from the Hong Kong Monetary Authority’s experience of acting as a liaison and primary point of contact for products in the securities and insurance sectors (which have their own sandboxes).[54]

Industry Insights on the RBI’s Regulatory Sandbox

In October 2019, the Observer Research Foundation hosted a group discussion with representatives from the Maharashtra government, fintech firms, and the digital payment and banking community to discuss the RBI’s proposed regulatory sandbox (See Annexure for list of participants). The discussion was under the Chatham House Rule to facilitate a more open conversation. Participants were asked about their experience in dealing with regulators when introducing new products and their opinion on if the proposed sandbox would benefit the financial industry.

Rule-based vs principle-focused regulation

There were some concerns over how the RBI plans to handle the relaxation of rules in the regulatory sandbox. Presently, the fintech business model in India is determined by a highly regulated market, and technological advances are outpacing regulations. Participants noted that regulations are increasingly becoming rule-based as opposed to principles-focused.

The rule-based approach emphasises compliance with the regulator’s directives and provides detailed procedures on following them. The principles-based method, on the other hand, focuses on the outcomes the regulator wants, while leaving the control, measures and procedures to achieve them to the company’s discretion. The rule-based approach gives greater clarity on what is allowed. Companies generally comply with these rules, but the spirit of the law is often not followed. The principles-based method has its risks—inconsistent implementation, uncertainty over how regulators will view the controls in place, and the requirement of high-skills to develop measures to ensure the outcomes.

A participant raised the issue of how digital wallets, which have a relatively low threshold for the amount of money that can be stored in them, were denied access to the Unified Payments Interface (UPI), with more demanding KYC requirements placed on them. All participants agreed that to foster a healthy, innovative environment for fintechs, it is necessary that regulations follow the business model and not vice versa. 

Data localisation and privacy requirements

Fintechs around the world have found the test-and-learn method most effective. But this method requires tracking and analysing site and customer data at granular levels, raising data privacy concerns. With the introduction of more data-specific laws and greater emphasis on privacy, relaxations in the sandbox may not be possible. Participants in the discussion agreed that the Personal Data Protection Bill would result in higher compliance costs across sectors, which will also extend to the regulatory sandbox.

In April 2018, the RBI mandated that all payment data of Indians be stored in the country, and allowed itself “unfettered access” to this data.[55] In a later circular, it clarified its position, saying that it required “end-to-end transaction details and information pertaining to payment or settlement transaction that is gathered / transmitted / processed as part of a payment message / instruction.”[56] This includes customer data (name, mobile number, email, Aadhaar number, PAN number), payment-sensitive data (customer and beneficiary account details), payment credentials (OTP, PIN, passwords) and transaction data (originating and destination system information, transaction reference, timestamp, amount).

For cross-border transactions consisting of a foreign and a domestic component, a copy of the domestic component data may also be stored abroad, if required. This would translate to higher compliance costs for companies considering partnering with foreign firms.

A participant shared their experience with a foreign client over complying with the RBI’s data localisation norms. The client was looking to partner with a local Indian licensee to provide their fraud detection services but required payment data to be processed in European servers. High compliance costs and uncertainty around India’s data laws led to the collapse of the deal.

There is further anxiety on how regulatory sandboxes will fit into the proposed Personal Data Protection Bill in India. The RBI guidelines mention that artificial intelligence and machine learning applications in fintech would be encouraged in the sandbox. Separately, the Bill states that the Data Protection Authority can create sandboxes to promote innovation in artificial intelligence, machine learning or any other emerging technology in the public interest. However, the Bill gives broad exemptions to the sandbox firms, including not providing clear and specific purposes and limiting the collection and retention of personal data.[57] But it is unclear if the exemptions of the Personal Data Protection Bill will apply to this sandbox.

The need for a helpline

The participants agreed that fintech firms often need guidance on complying with existing rules not to run afoul of the regulator, which raises the need for a formal mechanism of engagement.

Many innovators may be recent graduates who do not have the necessary legal knowledge on creating a new product, and it would be a risk to enter the regulatory sandbox as an experiment that might not reach the execution stage. The RBI must set up a helpline or a similar platform to assist the sandbox firms, much like the FCA’s innovation hub.[58]

Capacity building

Participants also raised concerns over the sandbox’s capacity-building abilities. Fintech often overlaps with other sectors, with one participant even saying the RBI only regulates banks and non-banking financial companies and not fintech, which is why it prefers for fintech firms to partner with a bank. This underscores the need for the RBI to build internal capacity to understand what innovators are working on and which products are entering the market.

The participants also stressed the need for Indian regulators to be part of global networks such as the Global Financial Innovation Network (GFIN) to build capacity and enable cross-border testing. The GFIN’s objectives include advancing financial integrity, consumer well-being and protection, financial inclusion, and financial stability through innovation in financial services.[59]


The approachability and responsiveness of the RBI and other regulators to the needs of the fintech community were widely discussed at the forum, with divided opinions. Participants representing or working closely with banks said that the RBI was always approachable and that fintechs must partner with banks to come under the regulator’s oversight. Others felt that young fintech firms, which often challenge banks with their products, are not being heard enough, and there should be mechanisms that let them continue to innovate.

There was broad consensus that the RBI is genuinely trying to understand the issues of India’s relatively nascent fintech industry, but more mechanisms are needed to boost fintech innovation. 

The following recommendations were arrived at:

  • Regulators must harmonise the jurisdiction for sandboxes. Currently, RBI, SEBI, IRDAI and several individual states are running separate sandboxes, and there is a need to build communication channels between these.
  • The regulator’s internal capacity must be boosted. The RBI has indicated that three full-time officers will oversee the regulatory sandbox. With fintech developing at a rapid rate, there is a need to understand these innovations and the impact they would have on consumers, which would require more people to work closely with the firms.
  • Indian regulators must institute a formal office/mechanism to reach out to innovators and actively look at developments in the fintech space. Additionally, this mechanism should help address the innovators’ doubts and provide guidance on regulatory compliance.
  • Indian regulators must be part of global networks for knowledge sharing. As India’s fintech ecosystem starts expanding to other countries, it is necessary to ensure these firms do not contravene international norms. It will also help India take on a leadership role for unique innovations. For instance, Google wrote to the US Federal Reserve to urge the regulator to build a real-time payments architecture on the lines of India’s UPI.[60]
  • As financial systems digitise, financial regulators must keep abreast of data governance and privacy issues and the evolving data-specific laws. 

It is difficult to assess what the regulatory sandbox regime will now mean for the Indian fintech ecosystem. While the efforts of the RBI, SEBI and IRDAI are commendable, the results of the testing of firms accepted into the sandbox will shed more light on the merits of the exercise in the coming months. The RBI has already announced that it will run a regulatory sandbox cohort focusing on lending and extending credit faster, using data points that were not considered in the ordinary course of operations.[61]

The regulatory sandbox proposal is an exciting opportunity for India’s innovative fintech community, but it not a substitute for the consultation process. Regulators must create a feedback loop with the sandbox firms. The results of the exercise will be useful in developing evidence-based policy. Nevertheless, more formal mechanisms of engagement between regulators and the industry must be developed.


[1]Enabling Framework for Regulatory Sandbox”, Reserve Bank of India, accessed 2 March 2020.

[2] Vivek Belgavi, Ashootosh Chand, Arvind V Arryan, Avneesh Narang,  Emerging technologies disrupting the financial sector, 9 May, 2019, PricewaterhouseCoopers and ASSOCHAM, accessed 2 March, 2020,

[3] Ben Shenglin, LV Jiamin, Qian Xiaoxia et al,  The Future of Finance is Emerging: New Hubs, New Landscapes,  14 November 2018, Academy of Internet Finance, Zhejiang University and Cambridge Centre for Alternative Finance, accessed 2 March, 2020.

[4]RBI sets up Inter-regulatory Working Group on Fin Tech and Digital Banking”, Reserve Bank of India, accessed 2 March 2020.

[5] “Enabling Framework for Regulatory Sandbox”, op. cit.

[6]Regulatory Sandboxes”, 6 December 6, 2018, DFS Observatory, accessed 2 March 2020.

[7]CFPB Launches Project Catalyst to Spur Consumer-Friendly Innovation”, 12 November 2012, Consumer Financial Protection Bureau, accessed 2 March  2020.

[8]Regulatory Sandbox”, November 2015, Financial Conduct Authority, accessed 2 March 2020.

[9]Regulatory Sandbox – Cohort 5”, 25 April 2019, Financial Conduct Authority, accessed 2 March 2020.

[10] Philip Tillmich, Katarina Jokic, Audrey Oh, UK ‘regulatory sandbox’ to foster FinTech innovation, While Case LLP, April 2016, accessed 29 April 2020,

[11] Kieran Garvey, Ben Shenglin et al, Guide to promoting financial and regulatory innovation, March 2018, Cambridge Centre for Alternative Finance, Academy of Internet Finance, Zhejiang University, British Embassy in Beijing, accessed 2 March 2020.

[12]  Ibid.

[13] Vishnu Chundi, “UK FCA Regulatory Sandbox: Lessons Learnt and Application Tips”, Medium, 6 March, 2018, accessed 2 March, 2020.

[14] “Guide to promoting financial and regulatory innovation”, op.cit.

[15] Christopher C. Chen, “Regulatory Sandboxes in the UK and Singapore: A Preliminary Survey”, 6 September 2019, Regulating FinTech in Asia: Global Context, Local Perspectives (Mark Fenwick, Steven Van Uytsel and Bi Ying ed., Forthcoming, August 2020), accessed 2 March, 2020.

[16]Guide to regulatory sandbox”, Money Sense, Singapore Government, 29 October, 2018, accessed 27, April, 2020.

[17] Sharmista Appaya and Ivo Jenik, “Running a Sandbox May Cost Over $1M, Survey Shows”, 1 August, 2019, CGAP, accessed 2 March, 2020.

[18] “Guide to promoting financial and regulatory innovation”, op.cit.

[19] Sharmista Appaya and Ivo Jenik, CGAP-World Bank Regulatory Sandbox Survey 2019, July 2019, FinDev Gateway CGAP, accessed 2 February  2020.

[20] Ibid.

[21] Ibid.

[22]Discussion Paper on Framework for Regulatory Sandbox”, 28 May, 2019, Securities and Exchange Board of India(SEBI), accessed 2 March, 2020,

[23]  Insurance Regulatory And Development Authority of India, 22 August, 2019, “Regulatory Sandbox Approach”, accessed March 2, 2020.

[24]Mumbai FinTech Hub”, Government of Maharashtra, accessed 2 March, 2020.

[25]HDFC Bank Public API Portal”, HDFC Bank, accessed 2 March, 2020.

[26]ICICI Bank API”, ICICI Bank, accessed 2 March, 2020.

[27] YES Bank, 13 November, 2019, “YES BANK Launches YES Fintech Developer, India’s Largest Banking API Developer Platform”, accessed March 2, 2020.

[28] “Regulatory Sandbox – Cohort 5” op. cit.

[29] Press Trust of India, “Sebi approves regulatory sandbox for live testing of new products”, 17 February, 2020, accessed 27 April, 2020.

[30]Sebi board clears regulatory sandbox for registered entities”, 17 February, 2020, Press Trust of India, accessed 2 March, 2020.

[31]Irdai sets up panel to evaluate application under regulatory sandbox”, 25 October, 2019, Press Trust of India, accessed 2 March, 2020.

[32] Insurance Regulatory and Development Authority of India. August 2019.  “Guidelines on operational issues pertaining to the regulatory sandbox”

[33] “Enabling Framework for Regulatory Sandbox”, op. cit.

[34] Lawrence, Adrian, Fuggle, Bill et al, Baker Mackenzie,  International Guide to Regulatory Sandboxes, 2018, accessed 27 April, 2020.

[35] RBI officials (who requested anonymity), in discussion with the author, October 2019

[36] Reserve Bank of India, 18 April 2019, “Draft Enabling Framework for Regulatory Sandbox”, accessed 2 March, 2020,

[37] Notification from the Ministry of Commerce and Industry, The Gazette of India, Department for Promotion of Industry and Internal Trade, 19 February 2019, accessed 2 March 2020.

[38] Schan Duff, “A Growing Trend in Financial Regulation: Thematic Sandboxes”, 14 February, 2019, CGAP, accessed 2 March, 2020.

[39] Reserve Bank of India, 4 November 2019, “Reserve Bank announces the opening of first cohort under the Regulatory Sandbox”, accessed 2 March, 2020.

[40] Himanshi Lochchab, “Overall India handset market growth to fall in 2020”, Economic Times, 24 December, 2019, accessed 29 April, 2020.

[41]Notification: Prohibition on dealing in Virtual Currencies (VCs)”, 6 April, 2018, Reserve Bank of India, accessed 2 March, 2020.

[42] Mamtha Asokan, “Cryptocurrency Exchanges Move Operations out of India” 23 July, 2019, Times of India, accessed March 2, 2020.

[43] Press Information Bureau of India, 29 December, 2017, “Government Cautions People Against Risks in Investing in Virtual ‘Currencies’; Says VCs Are like Ponzi Schemes”, accessed 2 March, 2020.

[44] Aneesha Mathur, “Supreme Court quashes RBI ban on cryptocurrency trade”, India Today, 4 March, 2020, accessed 29 April, 202o.

[45] Loona Jarvloo, “Cryptocurrency Regulations Around the World”, 6 February, 2020, ComplyAdvantage (blog), accessed 2 March 2020, .

[46] RBI officials who requested anonymity, in discussion with the author, October 2019

[47] Regulatory sandbox lessons learned report, October 2017, Financial Conduct Authority, accessed 2 March, 2020.

[48] RBI officials (who requested anonymity), in discussion with the author, October 2019

[49]  “Guide to promoting financial and regulatory innovation”, op.cit.

[50] Dirk A. Zetzsche et al., “Regulating a Revolution: From Regulatory Sandboxes to Smart Regulation”, Volume 23, Article 2, FORDHAM J. CORP. & FIN. L. 31 (2017)

[51] RBI officials who requested anonymity, in discussion with the author, October 2019

[52] “Fintech supervisory sandbox (FSS) guidelines”, Hong Kong Monetary Authority, accessed 2 March 2020.

[53] RBI officials (who requested anonymity), in discussion with the author, October 2019

[54]Welcome to the Fintech Contact Point | Securities & Futures Commission of Hong Kong”, accessed March 5, 2020.

[55]Notifications: Storage of Payment Data”, Reserve Bank of India, 6 April 2018, accessed March 2, 2020.

[56]Frequently Asked Questions: Storage of Payment Data”, Reserve Bank of India, 26 June 2019, accessed March 2, 2020.

[57]Global Financial Innovation Network (GFIN)”, FCA, 29 January 2019, accessed 2 March 2020.

[58]Innovate and Innovation Hub“, FCA, November 25, 2015, accessed 2 March 2020.

[59]Global Financial Innovation Network (GFIN),” FCA, 29 January 2019, accessed 2 March 2020.

[60] Himani Kothari, “Digital payments: Google wants US Fed to replicate India’s UPI model”, 14 December 2019, Business Standard, accessed 2 March 2020.

[61] Shaktikanta Das, “Micro, Small and Medium Enterprises: Challenges and Way Forward”, 6 March 2020, at the 15th ASSOCHAM Annual Banking Summit, accessed 13 March 2020.


List of Participants

‘Mumbai Tech Talk: Regulating Disruption and Deepening Digital Payments in India’ 9 October 2019 / Mumbai

Arvind Ravindranath, Partner, Nishith Desai Associates

Pravinkumar Bhandari, Chief Business Officer, ePaisa

Mihir Mehta, Vice President, Ashika Group

Nath Parameshwaran, Director, PayPal India

Abhishek Sinha, CEO, Eko India Financial Services

Rajan Bajaj, CEO, Slice

Rohit Mahajan, President of Risk Advisory, Deloitte India

Vishal Jain, Partner, Deloitte India

Prakhar Mishra, Associate, IDFC Institute

Varun Rajda, Constellation Blu

Sameer Unhale, Additional Municipal Commissioner, Thane Municipal Corporation

Manish Boricha, Chief Products Officer, Fino Payments Bank

Abhishek Arun, Senior Vice President, Payments Bank

Rahul Kankaria, Government of Maharashtra

Gayatri Nayak, The Economic Times

Lina Sonne 

Cyril Borle, Consulate General of Canada

Dhaval D Desai, Vice President, Observer Research Foundation

Arun Mohan Sukumar, former Head of Cybersecurity and Internet Governance, Observer Research Foundation

Shashidhar KJ, Associate Fellow, Observer Research Foundation

Renita D’Souza, Fellow, Observer Research Foundation

The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.