The fintech sector in Asia-Pacific is booming and, following in the footsteps of the UK, regulators across the region have set up sandboxes to encourage fintech innovation and competition. But there are also challenges, writes Simon Hawkins

In recent years, the term ‘fintech’ has become ubiquitous in the financial services world, but it is worth remembering that the use of technology in finance certainly is not a new concept for regulators – they have been following fintech developments for decades and adjusting rules, regulations and procedures to address the intersection of technology and finance (think ATMs, online banking and dematerialized securities markets).

However, the rapid pace of technological development in recent years and the creation of fundamentally new concepts – such as distributed ledger technology, which can be used to completely disintermediate traditional financial services players – is making it more challenging than ever for regulators to adapt to technology-driven changes in the financial services industry.

One regulatory response that has emerged is the regulatory sandbox – a “safe space” in which businesses can test innovative products, services, business models and delivery mechanisms without immediately incurring all the normal regulatory consequences of engaging in the activity in question (e.g., the requirement to be licensed and supervised by a financial services regulator).

Not only can sandboxes foster innovation and competition, they also can help ensure that regulators understand how innovative companies or businesses are developing.

Regulators are then well placed to adapt local regulations, or recommend such adaptations to lawmakers, to better suit the evolving financial services landscape. Importantly, it is the regulators that set the rules for the sandboxes, allowing them to apply safeguards and controls with a view to ensuring that consumers and financial stability are properly protected.

Sandboxes in Asia-Pacific

Since the UK’s Financial Conduct Authority (FCA) announced the first regulatory sandbox in 2015, numerous regulators around the world have adopted the concept. This is particularly apparent in the Asia-Pacific, where regulators in many of the region’s financial centres, including Hong Kong and Singapore, have launched sandboxes designed to suit their local laws, regulations and policy objectives.

Each sandbox is different, with varying rules and eligibility criteria. In Hong Kong, for example, until recently the only sandbox was operated by the Hong Kong Monetary Authority (HKMA) and participation was limited to “authorized institutions” (banks and deposit takers already regulated by the HKMA). This meant that fintech start-ups needed to partner with an “authorized institution” in order to gain access to the sandbox. Meanwhile, Hong Kong’s securities and insurance regulators, the Securities and Futures Commission (SFC) and the Insurance Authority (IA), opted not to establish sandboxes, preferring instead to open fintech “contact points” through which fintech start-ups could engage informally with the regulators.

In Australia, companies are permitted to carry on certain activities within the sandbox operated by the Australian Securities and Investments Commission (ASIC) without any specific regulatory licence or authorization, instead relying on a “fintech licensing exemption”. Australia also allows more open access to its sandbox compared to other sandboxes in the Asia-Pacific – companies do not need to apply to ASIC to participate, and only need to notify ASIC that they intend to operate under the fintech licensing exemption.

In Southeast Asia, the Monetary Authority of Singapore (MAS) has led the way in developing the most sophisticated sandbox in that region, consistent with the Singapore government’s ambition for the city-state to be a global centre for fintech innovation. Most recently, the MAS has suggested that so-called initial coin offerings (ICOs) could be “ring-fenced” using a sandbox, in order to keep tighter checks on this innovative but controversial method of financing.

The accompanying table summarizes some of the core information about, and potential benefits of, fintech regulatory sandboxes in the Asia-Pacific.

What are the benefits?

Sandboxes certainly can be used to foster innovation, allowing new products and services to come to market. This benefits consumers by increasing choice, reducing costs and promoting financial inclusion.

Sandboxes also can be mutually beneficial for both regulators and participating companies. Sandbox participants often benefit from certain concessions (such as modifications to rules that otherwise may present a significant barrier to entry into the relevant market) and regular contact with the regulator. This helps participants to understand how the regulatory framework applies to them, and allows them to come to market much more quickly and at a lower cost than if they had gone through traditional channels.

For regulators, the sandbox affords a valuable learning experience, allowing them to understand new technological advancements and business models that may not conveniently fit into existing regulatory frameworks. Regulators also set the rules, so they can control and customize the terms and conditions on which businesses can participate in the sandbox.

Sandboxes come with safeguards, which can be designed to allow some potentially riskier products and services to be tested without fear of harming consumers. This means there is more scope for new ideas to be trialed that might not otherwise proceed to market. It is also beneficial for companies to be able to carry out small-scale testing in order to gauge potential consumer interest in their offerings.

The challenges

While some sandboxes are designed to allow unlimited participants, provided they meet the eligibility criteria, others have limited capacity, meaning competition for spaces. Many sandboxes also are either aimed at existing regulated businesses or require fintech companies to partner with an existing regulated firm, meaning reasonably high barriers to entry still exist for small start-ups (not to mention that the start-up company also has to negotiate with a financial institution and agree how they will work together in the sandbox).

In some cases, eligibility criteria can be prohibitive, or the business model may not be sufficiently advanced to begin testing. Regulators will also be limited in what they can do in terms of rule waivers, because typically they are not empowered to vary or waive requirements that are enshrined in primary legislation. A number of sandboxes also restrict participation to companies that are incorporated in the jurisdiction of the relevant sandbox, or where the product offering has some connection to that jurisdiction.

It is also important that sandboxes, while conducive to innovation, are not seen as a panacea. If innovation truly is the goal, a sandbox must be part of a much broader strategy by regulators. For example, regulators actively need to think about whether elements of the regulatory framework remain fit for purpose, or whether they need to be adapted in light of experiences in the sandbox.

Regulators may also need to offer additional support to businesses transitioning out of the sandbox, and businesses that do not meet the sandbox criteria but are nevertheless trying to navigate a challenging regulatory framework to bring new products and services to market.

Lessons from the UK

On 20 October 2017, the FCA published a “lessons learned report” on its regulatory sandbox, reflecting on how the sandbox has met its objectives over its first year of operation. Although these lessons are specific to the UK market, some of the FCA’s findings and observations should be of broader interest to the international fintech community.

The FCA has seen many companies apply new technologies to traditional products or services. Unsurprisingly, distributed ledger technology has been the most popular technology employed by the FCA sandbox. Small-scale testing has helped companies reveal potential benefits, better understand the risks involved, and improve their risk management processes.

It has also allowed companies to assess both consumer uptake and commercial viability while operating on a limited scale. These findings support the proposition that testing technology, products and services in a sandbox environment can benefit fintech companies, regulators and, ultimately, consumers.

As part of the challenges, the report flags in particular the lack of access to banking services – often as a result of banks “de-risking” due to perceived money laundering and terrorist financing risks – as a real barrier. This theme is also apparent in the Asia-Pacific, where banks in some jurisdictions have begun de-risking in relation to certain fintech companies, particularly those involved with, or with exposures to, cryptocurrencies or cryptocurrency businesses.

While the FCA’s report acknowledges that limited access to banking services poses a threat to innovation, it offers little reassurance that regulators will address the issue.

What comes next?

Sandboxes are still very new and, in some cases, very limited in scope. Regulators in some Asia-Pacific jurisdictions have published data about usage of their sandboxes, showing that the sandboxes are indeed being used, and are achieving the desired outcome of encouraging certain types of fintech innovation. However, none of these regulators has published a detailed lessons learned-type report, which would be a helpful source of information for fintech companies and the general public to clearly assess the performance of the sandboxes.

Fintech companies, or financial institutions considering participating in a sandbox in the Asia-Pacific, should think carefully about where they are applying, the structure of the sandbox scheme in that jurisdiction, and the challenges that have been encountered by participants so far.

Given the global nature of many fintech initiatives, there is an argument for removing jurisdictional restrictions that apply to a number of sandboxes, to allow innovative companies the flexibility to choose where to test their new technology, products or services. However, with limited resources allocated to sandbox testing, this may not be realistic, as regulators will likely prioritize the needs of national companies.

Jurisdiction & regulator
Launch date
Target firms
Key Benefits
Hong Kong
The HKMA’s sandbox originally launched in September 2016. An enhanced version of the sandbox, the Fintech Supervisory Sandbox (FSS 2.0), is scheduled to go live before the end of 2017
“Authorised Institutions” (banks and deposit-taking companies that are regulated by the HKMA) and Fintech/tech companies collaborating with those institutions
Under the original version of the sandbox, some of the usual regulatory standards could be relaxed, on a case-by-case basis (e.g. security-related requirements for electronic banking services).
The new features of the FSS 2.0 will include:
A virtual “Fintech supervisory chatroom”, aimed to provide quick responses to questions
Tech firms may have direct access to FSS 2.0 by seeking feedback from the chatroom without having to rely on an authorised institution’s participation in the sandbox
Linking the FSS 2.0 with sandboxes run by the other Hong Kong regulators (i.e. the SFC and the IA) so that there will be a single point of entry for pilot trials of cross-sector Fintech products
Hong Kong
September 2017
Open to existing SFC-licensed corporations (e.g., investment firms, broker dealers, asset managers) and start-up firms that intend to carry on a regulated activity under the Securities and Futures Ordinance (SFO)
Provides a confined regulatory environment for firms to operate regulated activities under the SFO before deploying their Fintech activities on a greater scale.
Firms may, through close dialogue with and supervision by the SFC, readily identify and address risks or concerns relevant to their regulated activities.
Hong Kong
September 2017
Available to authorised insurers (general business and life insurers) in Hong Kong who intend to launch insurtech products/services (i.e., the development and application of technology in the insurance industry) and other technology initiatives
Insurers testing new insurtech initiatives in the sandbox can gain real market data and information about user experiences in a controlled environment.
The IA may relax certain supervisory requirements on a case-by-case basis.
November 2016
All financial institutions (banks, securities/futures intermediaries, insurers, asset managers) and Fintech firms
Usual regulatory standards may be relaxed, on a case-by-case basis. For example, those relating to:
Asset maintenance
Board composition
Cash balances
Credit rating
Financial soundness
Solvency and capital adequacy requirements
Management experience
MAS Guidelines, such as technology risk management and outsourcing
(Securities Commission Malaysia)
Launched in October 2016; first participants licensed in May 2017
Financial institutions (banks, securities/futures intermediaries, insurers, asset managers)
Fintech companies collaborating with financial institutions
Fintech companies intending to carry on a regulated business in the future
Review and adaptation of regulatory requirements or procedures that may unintentionally inhibit innovation
(Bank of Thailand and The Securities and Exchange Commission)
December 2016
The sandbox is open to:
Financial institutions that are licensed in Thailand (and their group companies that conduct financial business)
Non-financial institutions which fall under the supervision of the Bank of Thailand (e.g., non-deposit-taking businesses, like consumer finance)
Fintech firms
Technology firms
The Fintech initiatives proposed by sandbox applicants must relate to:
Payments and fund transfers
Other financial transactions that have similar characteristics to loans, payments and fund transfers
Participants in the sandbox may test their financial products or services in a live but limited environment, without being fully subject to all licensing/ supervision requirements that normally would be applicable
South Korea
(Financial Services Commission)
August 2016
The “Robo Advisor Test Bed Center” is hosted by Koscom Corporation (a subsidiary of the Korea Exchange)
The ‘Test Bed’ allows robo-advisory platforms to test whether their product is suitable for use by the investing public. Applicants in the ‘Test Bed’ are subject to a three-stage examination, which lasts around seven months, before they are formally assessed for approval to commercialise their technology.
Originally launched in December 2016
The remit of the sandbox will be extended in early/mid-2018 after new legislation has been made effective
Fintech businesses seeking to test products and services before they obtain an Australian financial services licence or Australian credit licence
Fintech licensing exemption for 12 months (to be extended to 24 months in 2018)
Waiver or rule modifications
In 2018, the types of products that can be tested in the sandbox will be expanded (e.g., to include certain life insurance and superannuation products)

Simon Hawkins is a Hong-Kong based counsel at Latham & Watkins specializing in financial regulation. Rob Moulton, Andrew Moyle, Charlotte Collins, Brett Carr, Stuart Davis, Fiona Maclean and Alexander Hendry, also contributed to the article.