Fact Sheet: Regulatory Sandboxes in Financial Services, Fintech, and AI
By Elizabeth "Bitsy" Skerry
What is a regulatory sandbox?
A regulatory sandbox is a framework set up by a regulator in which firms (businesses) are exempt from legal risk of compliance with certain regulations and in some cases avoid civil liability. Firms apply to be a part of the sandbox and are selected by regulators. The first regulatory sandbox was announced in 2015 for fintechs by the United Kingdom’s Financial Conduct Authority (FCA). The idea is that a regulatory sandbox will give select firms the chance to engage in a limited product launch “in an environment characterized by fewer rules and less risk of enforcement.”
A regulatory sandbox has two purported goals: 1) to reduce regulatory barriers to entry that may interfere with innovation; and 2) to give regulators the chance to learn about new technologies and how they may need to adapt their practices given these new technologies.
However, regulatory sandboxes are designed to roll back public protections to accommodate innovation, which is contrary to the public interest. Furthermore, regulatory sandboxes are often comprised of firms that are developing new products or services outside of the regulator’s expertise, which can lead to deregulation brought on by corporate capture as the regulator becomes the student. The aforementioned point doesn’t quite square with the purported second goal of regulatory sandboxes, which demonstrates that they are not achieving their goals.
A “sandbox” evokes images of playing around and tinkering within a defined space. But for Silicon Valley’s giants – the Big Tech companies who live by the motto “move fast and break things” – a sandbox will not contain such raucousness fueled by corporate greed. A regulatory sandbox, instead, becomes a convenient mechanism for evading compliance with consumer protection, anti-discrimination, anti-fraud, and other laws under the guise of “innovation.”
Are regulatory sandboxes good policy?
No, regulatory sandboxes are not good policy.
Given the interest in regulatory sandboxes, policymakers worldwide have considered (and are) applying sandboxes to the area of artificial intelligence (AI) to assist innovation and help guide new regulatory strategies for AI. Yet, fintech regulatory sandboxes being around for over a decade has yielded “limited support” for AI sandboxes as a matter of public policy.
There is scant empirical evidence in existence to assess whether fintech sandboxes have accomplished their goals, how regulatory sandboxes have impacted fintech regulation, or whether sandboxes are beneficial to anyone besides the firms who benefit from innovating within them.
There are reasons to be skeptical about whether fintech sandboxes can accomplish their goals: 1) it’s not clear whether fintech innovation is creating “sufficient societal benefits to justify rolling back important regulations that protect consumers and the broader financial system from harm”; 2) “there are important constraints on what regulators can learn from sandbox trials, stemming from the non-representative nature of sandbox participation as well as conditions that are highly conducive to regulatory capture”; and 3) regulators are constrained from sharing the information they do get from the regulatory sandbox.
Additionally, there is evidence that once a firm is accepted into the sandbox, it never escapes, even after the sandbox period has ended. In some cases, firms have been unable to comply with the law, as was the case when crypto sandbox terms expired in Canada. Firms accepted into sandboxes tend to act or operate as if they are still in the sandbox well past their expiration date into perpetuity. This could lead to misconduct, as regulators are forced to grapple with whether to require regulatory compliance, shut down the offending firm, or “make sandbox exemptions permanent.” Regulators may be unable to make an independent decision as to what is best for the public interest versus what is best for the firm.
For these reasons, and also because fintech sandboxes have proved to come with high operational costs, policymakers should not adopt both AI and fintech sandboxes. Public Citizen is opposed. Furthermore, Public Citizen urges opposition to H.R. 4801, the Unleashing AI Innovation in Financial Services Act, and H.R. 3633, the Digital Market Clarity Act.