7 minute read 5 Mar 2018
child hand sand castle

How regulatory "sandboxes" facilitate optimal regulation in Asia Pacific


James Lloyd

EY Asia-Pacific FinTech Leader

Dubliner in Asia. Passionate about early-stage, growth-stage and non-traditional financial services. Husband. Father.

7 minute read 5 Mar 2018
Related topics Financial Services EMEIA AI

As Asia-Pacific (APAC) embraces FinTech, new challenges are emerging for its traditional financial services institutions.

Not least the question of how to innovate while maintaining compliance with the types of regulations that different governments will set across the region. APAC's respective governments know that FinTech has the potential to deliver economic benefits by lowering the cost of operations and enhancing competition. They also appreciate the potential societal benefits FinTech can bring by boosting financial inclusion and delivering more convenient financial services.

To accommodate the unprecedented pace of digital change in the region, financial regulators are considering paths to "optimal regulation" - i.e. creating an environment that encourages FinTech providers to harness emerging technologies without weakening the financial system or eroding consumer protections.

This is where regulatory sandboxes come in, because they can encourage innovation while ensuring security and stability for organizations, customers and governments.

The challenges FinTech poses for regulators

The FinTech revolution is still in its first decade, but it has already influenced financial services on a global scale. According to the most recent EY FinTech Adoption Index, an average of 33% of digitally active consumers make use of FinTech products and services. Of the 20 countries surveyed, China and India are leading, with 69% and 52% FinTech adoption respectively.

FinTech's rise poses serious new regulatory dilemmas around a range of technologies. Crowd-funding is a useful example of this: if a private company wishes to raise money from the general public via crowd-funding, what level of disclosure should it follow?

On the one hand, if a high level of disclosure is required, the cost of independent assessment may mean that crowd-funding no longer offers an attractive means of raising capital. On the other hand, if the disclosure requirement is low, how will regulations protect investors who may not be able to fully assess the risks of these early-stage companies?

A second example of FinTech's complex regulatory implications can be found in robo-advisory services. Unlike conventional financial advice, robo-advisory services rely on algorithms and portfolio management to analyze investor data and automatically recommend investment portfolios. With this high level of automation that is detached from human oversight, how can regulators be sure that the computer-generated asset allocation models are accurate, and can handle extreme "black swan" events? Furthermore, will the information that clients provide on their risk tolerance and level of income be sufficiently precise to generate suitable advice?

Thirdly, there is concern that regulation can hamper FinTech's potential. For example, banks can give third-party financial service providers access to their customers' accounts - with the clients' permission - through application programing interfaces (APIs) or data sharing. The richer the data that banks provide to these third parties, the more helpful the solutions they can offer. Third-party service providers can then tailor their recommendations based on users' saving patterns and offer attractive interest rates based on historical transaction history. However, this may contradict or contravene existing regulation in regard to data privacy and sharing.

Despite the wide range of economic development and regulatory regimes across APAC, all jurisdictions are striving to strike the right balance between innovation and regulation. Regulatory sandboxes are emerging as a solution to this common problem.

A safe space for innovation

Regulatory sandboxes provide an environment of reduced regulatory constraints on innovative financial products and services. They enable financial services innovators - both incumbents and startups - to test new products and services in a "safe area", providing greater flexibility or even exemptions from existing regulation.

Sandboxes can be highly valuable to financial services institutions in three important ways:

  • They reduce the time and cost of getting innovation to market.
  • They provide innovators with greater access to finance by reducing risks of client adoption and increasing returns on capital investment.
  • They enable innovators to work with regulators to ensure new development of technologies and business models aligns with regulations.

Regulatory Sandboxes typically function in four phases - Application, Preparation, Experimentation and Validation. These are illustrated in figure 1.

All regulatory sandboxes use similar customer safeguards, usually including a strict trial scope, a clear exit strategy, disclosure requirements and risk management measures such as limiting the number of trial users, IT security, or requirements of customer consensus. These insulate consumers against failure if the experiment fails.

Furthermore, specific restrictions are integrated into regulatory sandboxes to ensure that risk isn't transferred from companies to consumers. The scope of these restrictions depends on the type of products, business models and technologies being leveraged.

For example, if the test involves selling insurance via a mobile app, the regulator may decide to limit the test to basic insurance (such as travel insurance), rather than allow more complex insurance products (such as life insurance). Similarly, for an investment product, regulators may require firms to stay away from testing complex investment instruments and set thresholds for total assets under management (AUM) per client.

Most regulators screen would-be sandbox participants at an early stage, setting conditions such as the size of the business, the level of innovation, the feasibility of the business model or the contribution to the local economy. However, each sandbox has to reflect the differing maturity of individual financial systems, regulatory frameworks and risk tolerance.

APAC's regulatory sandboxes in action

In the past three years, eight APAC jurisdictions - Australia, mainland China, Hong Kong SAR, Indonesia, Malaysia, Singapore, South Korea and Thailand - have implemented regulatory sandboxes. The region's regulators appear united in their desire to facilitate innovation while ensuring that society can enjoy the benefits of innovative FinTech offerings without undue risk. They are also aware of the need to protect the integrity of local financial markets while ensuring those markets remain globally competitive. Figure 2 summarizes the characteristics of those sandboxes in action.

The future of regulatory sandboxes

Regulatory sandboxes have already proved their potential in helping fast-track safe and secure FinTech solutions, as described above. However, it has become clear from the progress made so far that every market faces different regulatory pressures when integrating FinTech with its legacy financial services operations. As sandbox models scale and diversify to accommodate greater FinTech adoption, regulators will need to react to three major trends:

  1. The emergence of multiple regulatory sandboxes with differing time horizons and testing parameters within a single jurisdiction. These will help regulators create safe and worthwhile testing environments for emerging technologies with higher maturity and better defined scope. Shorter approval processes and testing parameters tailored by function (e.g. virtual banking, biometrics, user comparison sites, P2P, and robo-advisors) will be two of the positive outcomes of this trend.
  2. The emergence of regulatory sandboxes that are not limited to just one jurisdiction. Regulators are increasingly starting to build multilateral "FinTech bridges" that will improve information sharing and, in the longer term, could provide clarity on FinTech's cross-border regulatory impacts. This might include the protection of offshore investors participating in local crowd-funding platforms, or improved data privacy and cybersecurity in cross-border data sharing applications such as cloud and blockchain. On 14th Feb 2018, the UK's Financial Conduct Authority (FCA) proposed the idea of a "global sandbox" which would allow firms to conduct tests in different jurisdictions at the same time. Within APAC, such an example could be developed in the Greater Bay Area where government plans to deepen integration between Hong Kong SAR, Macau SAR, and Guangdong in southern China may yet include a FinTech component.
  3. The emergence of individual industry sandboxes and associated industry certifications. Many FinTech solutions are built on differing standards. For example, a mobile banking solution provider needs to build different software models depending on the data standards of each of the banks that they support. To address this issue in the UK, the FCA has commissioned Innovate Finance (an industry representative body) to develop an industry-led sandbox and work with industry players to agree on common data models and reference architecture. The objective is to not only raise the standards on security and data privacy, but also to allow the scalable rollout of new FinTech solutions. In addition to industry sandboxes, we anticipate the emergence of industry certification. Establishing consistent reporting standards or industry certificates in areas requiring more specialized knowledge (e.g. investment performance standards in robo-advisors, the security of cryptography in blockchain applications or credit scoring models in alternative lending) can facilitate cross-platform comparisons and aid consumer protection.

Implications beyond APAC

Global FinTech adoption is only going to accelerate in the coming years. The adoption of regulatory sandboxes in APAC provides key guidance for how this acceleration should be managed.

To make the most of this increasingly collaborative environment, established financial institutions looking to harness FinTech innovation can take the following actions:

  • Get ready for sandbox testing. Streamline your decision-making processes to improve agility. Review your available resources with the aim of supporting experimentation across departments.
  • Partner with FinTech startups. Some of the best early sandbox results have come from established financial institutions partnering with FinTech startups to verify new business models.
  • Start working with regulators early. Firms able to work with regulators to navigate and define the regulatory boundary will gain a first-mover advantage.
  • Develop a global view beyond your home market. Consider how overseas developments might influence local regulations and approaches.
  • Prepare for cross-country collaboration. Consider how your solution can be scaled across borders in the design phase as regulators work more closely as they draft FinTech regulations and best practice guidelines.


Learn more on our global insights on the biggest issues facing the financial services industry.

About this article


James Lloyd

EY Asia-Pacific FinTech Leader

Dubliner in Asia. Passionate about early-stage, growth-stage and non-traditional financial services. Husband. Father.

Related topics Financial Services EMEIA AI