Regulatory sandboxes enable innovators to test out legal aspects of services in advance of market launch, especially in fintech. A new EU initiative aims to support cross-border testing - but there are criticisms
The EU is promoting regulatory sandboxes as a way of helping start-ups to bring challenging technologies to the market, and is launching a platform to connect national sandboxes for financial services, to make cross-border testing a possibility.
Meanwhile, EU-backed regulatory sandboxes for blockchain and artificial intelligence applications are on their way.
But what actually happens in a regulatory sandbox, and who benefits?
A regulatory sandbox allows companies to test new products or services with customers, under close supervision of the authority likely to regulate it when/if it comes to market. The business model might be innovative, or there might be novel technology in the product, such as blockchain.
The attraction of a regulatory sandbox is that both the innovator and regulator learn from the other, in the most direct way possible. “The regulator is getting raw, uncut understanding of the technology,” said Mads Stolberg-Larsen, co-founder and chief executive of ZTLment, a blockchain start-up that went through the Danish Financial Supervisory Authority (FSA) sandbox. “We are not there to sell them a strategy consulting project on blockchain. We are there to explain how our solution works, so that we can get it regulated as quickly as possible. And they are the most authoritative source on how our technology will be regulated.”
Put like this, a sandbox represents a clear win for both sides. Yet the approach has its critics, particularly in the US, where concerns have been voiced that they may act as a brake on innovation or leave consumers exposed.
ZTLment’s system allows business-to-business payments to be made automatically, triggered by data events in the cloud, such as the signature of a smart contract or notice of receipt of goods. The idea is to make such transactions cheaper and faster, bypassing traditional intermediaries such as banks and clearing systems. The ZTLment transfer is underpinned by blockchain technology.
For ZTLment, the sandbox experience lasted from April to November 2021. First, there was a detailed conversation with the Danish FSA about how, if at all, the business model and technology should be regulated. The conclusion was that using blockchain as a payment infrastructure is not necessarily covered by Danish and European payment regulations, but that ZTLment’s service was. So the company applied for a limited license, allowing it to make transactions within the scope of the sandbox programme.
Next there was a brief testing phase, in which ZTLment used its system to make payments for a business-to-business marketplace in the food and beverage sector. “We set up a mini-supply chain with them in order to show that, by using their platform together with our smart contract software, we could execute transactions in the way we set out to,” said Stolberg-Larsen. Finally, both sides revisited the regulation question in the light of the test results.
Throughout this process, there was no suggestion that ZTLment should not use blockchain. “It’s the contractual relationships between us and customers that is regulated, not the technology,” Stolberg-Larsen noted. But to reach that conclusion, both sides needed to engage. “Blockchain is already a fairly complex technology, and then matching that with complex regulation is not a trivial task. And it’s that iterative process between the two that is so hard to nail in financial services,” he said.
ZTLment has now applied for a full payment institution license in Denmark that can be passported across Europe. While the time it took to go through the sandbox was a potential risk in a fast-moving market, it was worth it for the reassurance of engaging directly with the regulator. “We’ve heard from a lot of people that taking regulation seriously helps us stand out from a lot of other things that are happening in the blockchain space right now,” said Stolberg-Larsen said.
Insurance plus the internet of things
British start-up FloodFlash was much earlier in its development in 2017, when it took part in the sandbox run by the UK Financial Conduct Authority (FCA). Its idea was to offer flood insurance to businesses, with pay-outs linked to the flood event rather than an assessment of any subsequent damage. This approach is known as parametric insurance: pay a claim instantly based on a certain parameter, like flood depth, rather than going through the usual, lengthy and contentious process of inspection, claims adjustment and (often delayed) settlement.
To implement this, FloodFlash was developing a networked flood sensor to be placed at each insured property, which would trigger an automatic payment when water reached a pre-agreed level.
When FloodFlash joined the sandbox, it knew what kind of data the sensor would produce, but work was still underway to turn it into a packaged piece of hardware. Meanwhile, the company wanted to know the regulator would be comfortable with its insurance product.
“Parametric insurance already exists as a concept that regulators are comfortable with at other levels, so it was more about definitions and how the product was presented,” said marketing manager Chris Hall.
“We did interact with customers in the sandbox, but the interaction with the regulators was probably more important from the perspective of developing the insurance product,” Hall said. “It helped speed up those conversations and gave a huge boost to the reputation of the business, before we had a product to sell.” Meanwhile the regulator was keen to talk about the nuts and bolts of the product. “The role of the technology in the insurance product was discussed quite heavily.”
Building on its experience in the sandbox, FloodFlash launched in the UK at the beginning of 2019. Now it is preparing to open in the US. In parallel with pilots to make sure its sensors work well on American networks, it is again looking to build bridges with the regulators. “It’s a challenge that you have market by market,” said Hall.
Logalty, a Spanish digital identity and trust company, has had two projects accepted into Spain’s regulatory sandbox, one for insurance and one for banking. “Both test environments have allowed us to experiment with different innovative technologies that were not sufficiently known until now and for which, for the time being, there is no defined regulatory framework,” said Maria Dolores Pescador, chief executive of Logalty Group and co-founder of Regtech Solutions, a start-up absorbed into the company last year.
In each case, the sandbox experience may result in regulation evolving to accommodate the technology, for example to allow verification of identity without a face-to-face meeting in certain circumstances. And it is also helping the company develop its products. “Being in the sandbox has allowed us to expand the functionality of the solutions we offer to our customers, under a controlled umbrella,” Pescador said. “In addition to the advantage of testing a product with real clients, the added value comes from the possibility of showing the supervisor the reality of the market and the solutions that we provide.”
Connecting sandboxes
The EU Digital Finance Platform launched this month is intended to make scaling up from market to market within Europe quicker and easier. Through the platform, companies can apply to carry out a trial in two or more national sandboxes at the same time, or to test in one sandbox with other national authorities participating as observers. It will also be possible to share trial findings through the platform, as a way of building bridges with authorities in different countries.
The platform will cover sandboxes and authorities from all EU and EEA countries, but not the UK, a significant, Brexit-related omission given the size of the UK financial market, and the six years of experience vested in the FCA sandbox. Still, since fewer than half of all EU states currently operate a sandbox, this has the potential to considerably extend the reach of trials.
A call for tenders to build the EU’s blockchain sandbox went out in March. Its first users are likely to be public service use cases under the European Blockchain Services Infrastructure, but the intention is to open it up to a broad range of other blockchain applications across different industries. It also extends to projects combining blockchain with other technologies, such as artificial intelligence or the internet of things. Meanwhile the proposed EU Artificial Intelligence Act foresees the creation of coordinated AI sandboxes at the national level, or under the eye of the European Data Protection Supervisor.
This proliferation of regulatory sandboxes with apparently overlapping remits is causing some concern in industry. “The framework for cross-border testing is very important, and welcomed by our companies,” said Maria Saszkiewicz, president of the European Digital Finance Association, at the platform launch event. “However, since there are other attempts on the EU level to create sandboxes, it should be made clear which of those sandboxing regimes or procedures a company can use.”
Stolberg-Larsen agrees. “I like the idea of connecting sandboxes, but I would really like to know what the split is between the local and European sandboxes. As a market participant, that is definitely something we would love clarity on.”
The Commission acknowledges this concern, and says the matter is in hand. “We are coordinating our work internally and we are indeed looking to facilitate exchange of information and experience between the authorities involved in the different initiatives,” an official said.
Elsewhere in the Ecosystem
- The European Innovation Council should do more to develop entrepreneurial talent, according a group of its expert advisers. A report on deep-tech entrepreneurship training just published suggests the EIC should do this by creating two new programmes: the Trailblazer programme, for talented PhD candidates and postdocs on existing EIC-funded projects; and the Pioneer programme, which would be an add-on for initiatives running in EU member states. For details, see the full report.
- Cambridge Innovation Capital, the investment firm set up by Cambridge University to invest in series A rounds of companies spun out of the university, has raised £225 million for its second fund. To date, CIC has invested in around 40 tech and life sciences companies, most recently Riverlane in quantum computing, Pretzel Therapeutics in mitochondria-targeted drugs and Epitopea in cancer immunotherapeutics.
- The Commission is seeking views on its European Innovation Agenda, which aims to help more European start-ups to scale up. Issues include innovation-friendly regulation, attempts to connect innovation ecosystems around the bloc, initiatives reducing the gap between the most and least innovative European regions, and measures for developing and attracting talent. Respond by 10 May.