On 16 November 2016, the Monetary Authority of Singapore (“MAS”) issued new Fintech Regulatory Sandbox Guidelines (the “Guidelines”), along with a set of Frequently Asked Questions on the same (“FAQs”). These set out the objectives and principles behind a regulatory sandbox approach (“Sandbox”) for the development and implementation of financial technology (“FinTech”) solutions, and are meant to provide guidance to interested parties (the “Applicant”) on the application process. On approval, the Applicant will be responsible for deploying and operating the Sandbox, with MAS providing the appropriate regulatory support.
This was first proposed by MAS in a consultation paper published on 6 June 2016 (the “Consultation Paper”), which we had reported on earlier in June 2016. After considering feedback received on the Consultation Paper, MAS has now finalised its policy posture on the FinTech regulatory sandbox approach, and issued the new Guidelines and FAQs in conjunction therewith.
Objectives and Principles of the Sandbox
As previously indicated by MAS, the Sandbox is intended to allow financial institutions (“FIs”), as well as technology and professional services firms, to experiment with FinTech solutions in a production environment where actual products or services are provided to customers, within a well-defined space and duration. Such a controlled environment means including appropriate safeguards to contain the consequences of failure, and to maintain the overall safety and soundness of our financial system as it stands.
MAS will render appropriate regulatory support by providing flexibility and relaxing specific legal and regulatory requirements (to which the Applicant would otherwise be subject) for the duration of the Sandbox. To reiterate what was set out in the Consultation Paper, the areas in which MAS had indicated it would be willing to relax requirements include:
- asset maintenance requirement;
- board composition;
- financial requirements (such as cash balances, credit rating, and financial soundness);
- fund solvency and capital adequacy;
- licence fees;
- management experience;
- expectations in other regulatory guidelines;
- reputation; and
- track record.
However, MAS also stated in the Consultation Paper that it would not be willing to relax the following regulatory requirements:
- confidentiality of customer information;
- fit and proper criteria, particularly on honesty and integrity;
- handling of customer’s moneys and assets by intermediaries; and
- prevention of money laundering and countering the financing of terrorism.
In response to feedback received, MAS has emphasised that the abovementioned lists are non-exhaustive, and has given the assurance that it would adopt a risk-based approach to determine the most appropriate and effective form of regulatory support to facilitate experimentation in the Sandbox. MAS also stated that it will continue to explore the most appropriate ways in which non-regulatory support can be rendered.
Clarification of Sandbox Evaluation Criteria
MAS has, in the Guidelines, clarified the evaluation criteria, including using examples where appropriate. The updated evaluation criteria includes:
- the application should explain how the FinTech solution is “technologically innovative or applied in an innovative way”, for instance, by providing secondary research to show that there are few or no comparable offerings currently available on the Singapore market;
- the application should show how the FinTech solution would address a problem or bring benefit either to customers or to the industry, for instance, by offering evidence drawn from relevant consumer or industry research; and
- in connection with broader scale deployment after exiting the Sandbox, the application should show that the Applicant is prepared to continue contributing to Singapore in other ways, such as continuing the developmental efforts of the proposed financial services in Singapore.
The application template has also been simplified following feedback received. Notably, the Applicant needs only provide a brief overview of its business strategy and its plan for the FinTech solution (as opposed to detailed explanations, which was originally contemplated in the Consultation Paper). This was to take into account feedback that the initial application template may impose an undue burden on Applicants, especially on start-ups operating at the experimentation stage, which may not have the necessary resources.
Circumstances where the Sandbox may not be suitable
In the Consultation Paper, MAS had initially identified four circumstances in which the Sandbox may not be suitable. Accepting feedback from respondents that some of these proposed circumstances may be duplicative or may be in conflict with some of the evaluation criteria, MAS has removed the initially proposed third and fourth circumstances, namely that of “reasonable and effective experimentation in the laboratory environment” and “no intention to deploy in Singapore” respectively. Thus, only the two circumstances set out below remain:
- first, where the proposed FinTech solution is similar to those already offered in Singapore. In this regard, MAS has stated that that it would not regard a FinTech solution to be similar to those that are already being offered in Singapore if the Applicant can show that either a different technology is applied, or the same technology is applied differently; or
- second, where the Applicant has not demonstrated that it has done its due diligence on the FinTech solution. Such due diligence would typically have to include testing in a laboratory environment, as well as familiarisation with the legal and regulatory requirements applicable for deploying the FinTech solution.
Sandbox Duration and Exiting from the Sandbox
To recap, it was stated in the Consultation Paper that the Sandbox, when granted, will normally operate only for a defined period of time, at the end of which any legal and regulatory requirements relaxed will expire. If both MAS and the Applicant are satisfied with the intended test outcomes, and the Applicant is able to fully comply with the relevant legal and regulatory requirements, MAS would then permit the FinTech solution to be deployed on a broader scale. On the other hand, if the Applicant is unable to fully comply with the relevant legal and regulatory requirements at the end of the Sandbox period, the Sandbox would be discontinued. The Sandbox would be discontinued in the following circumstances:
- MAS is not satisfied that the Sandbox has achieved its intended purpose;
- the Applicant is unable to fully comply with the relevant legal and regulatory requirements at the end of the Sandbox period;
- a flaw has been discovered in the Fintech solution under experimentation, where the risk posed to customers or the financial system outweigh the benefits, and the Applicant acknowledges that such flaw cannot be resolved within the duration of the Sandbox;
- MAS terminates the Sandbox due to reasons including the Applicant breaching any condition imposed for the duration of the Sandbox; or
- the Applicant has informed MAS of its decision to exit the Sandbox at its own discretion.
In the Consultation Paper, it was also stated that the Applicant had to ensure that its obligations to customers must be fully fulfilled or addressed before it exits or discontinues the Sandbox.
In its final form, with regard to the element of handling critical flaws uncovered during experimentation, the Guidelines now say that the Sandbox would be required to be discontinued upon discovery of a flaw, only where the risk posed by the flaw to customers or the financial system outweighs the benefits of the FinTech solution. In response to suggestions that the Applicant could be granted an extension of time to address the flaw where it is confident that such flaw can be rectified with additional time granted, MAS appears to be willing to consider this, having stated that this would be deliberated on a case-by-case basis.
Another source of concern expressed by respondents was that full compliance with legal and regulatory requirements (for example, meeting the “track record” and “management experience” requirements) could be difficult for start-ups since elements such as these would be unlikely to change in the course of the Sandbox period. However, it appears that MAS is not persuaded on this point. MAS said that at the point in time when the Sandbox is sought, the Applicant ought to be conscious of the relevant legal and regulatory requirements it would be required to meet when it eventually exits the Sandbox, and to plan for this accordingly. Thus, if it is anticipated that there would be a compliance gap in respect of the element of “management experience” during the experimentation period, steps should be taken to employ individuals with the requisite experience in order that the gap be closed upon exit from the Sandbox.
Application and Approval Process
The timeline for the Sandbox approval process is now confirmed to be as follows:
A) No “Pre-Application Stage”
Despite suggestions from respondents, MAS declined to include a “pre-application stage” within the process. MAS pointed out that potential applicants can already engage MAS to seek guidance on relevant regulatory requirements and concerns, which serves a similar purpose.
B) Overall Timeline
In the Consultation Paper, MAS had proposed that, upon receipt of a complete and final set of information for assessment, it will inform the Applicant about its potential suitability for a Sandbox within 21 working days. Some respondents had suggested that the 21-day period for a preliminary indication could be shortened to perhaps 10 days, while others had suggested that a maximum time ought to be specified for a final decision on a Sandbox application. However, these suggestions do not appear to have been accepted. While MAS has recognised that a more definitive timeline will provide certainty, it also pointed out that applications have tended to be incomplete, and this has led to the need for extensive engagements and clarifications before processing could begin. MAS has therefore held to the timeline of giving a provisional decision within 21 days, with no fixed timing for completion of evaluation of the application proper. However, MAS did state that it would closely monitor timelines to ensure that the objective of the Sandbox regime is not derailed. MAS also declined to consider an automated-approval process as it felt that in all cases, it remains essential for them to obtain a good understanding of the FinTech solution before granting a Sandbox.
C) Experimentation Stage
If approved, the Sandbox is launched into the experimentation stage (previously called the “in-progress stage”). During this period, the Applicant will be required to notify affected customers that the FinTech solution is being operated within the confines of the Sandbox, and to disclose to them the key risks associated with the FinTech solution. The Applicant must obtain the customers’ acknowledgement that they understand the nature of these risks.
During this stage, MAS will also allow the Applicant to amend the FinTech solution or to extend the Sandbox period, if this is thought to be necessary. MAS will have to be notified at least one month in advance and the details of the changes sought and the reasons for the same must be provided. Decisions on such applications will be assessed on a case-by-case basis. Any decision made on such applications would be final.
Confidentiality of Applications
In relation to confidentiality, some respondents had suggested that MAS published decisions on applications that have been approved or rejected, in order to give guidance in future cases, while others had expressed concerns for MAS to do so, given the confidentiality of proprietary information. In response, MAS has agreed that it was important that there be transparency in the decision-making process, but also acknowledged that it was equally important to maintain confidentiality of proprietary information. As such, it has decided that it would only publish details of approved applications on the MAS website while ensuring that sensitive proprietary information continues to be kept confidential.
The Guidelines have taken effect from 16 November 2016.
This Financial Services Regulatory Update is published by the Financial Services Regulatory Practice of Shook Lin & Bok LLP. If you need more information on the subject of this Update or if you wish to learn more of how the Financial Services Regulatory Practice could assist or support you, please contact Eric Chan.