A Few Thoughts on Regulatory Sandboxes

By Dan Quan, Adjunct Scholar, Center for Monetary and Financial Alternatives, Cato Institute 

Regulatory sandboxes are no longer a new or exotic concept. The UK Financial Conduct Authority (FCA) is credited with creating the first formal regulatory sandbox and propagating the concept throughout the world.  Although there is no consensus on the definition of a sandbox, the FCA has defined it as “a ‘safe space’ in which businesses can test innovative products, services, business models and delivery mechanisms without immediately incurring all the normal regulatory consequences of engaging in the activity in question.”  In the U.S., the Consumer Financial Protection Bureau (CFPB) was the first regulatory agency to set up a dedicated fintech office to study fintech and provide assistance to promote consumer friendly innovation. While the CFPB didn’t announce its intention to formally adopt a sandbox until late last year, it did have policies—such as the No Action Letter (NAL) policy—that performed many of the functions of a sandbox. Other agencies, including the OCC, CFTC, SEC, and FDIC, have all set up fintech offices, though none have created regulatory sandboxes so far. At the state level, Arizona, Wyoming, and Utah have launched sandboxes, and other states are at various stages of exploration.

While interest in regulatory sandboxes is strong, many concerns, reservations, and even suspicions remain. SEC Commissioner Hester Peirce, who supports open dialogues between the regulator and the regulated, worries that regulators “facilitating and hosting the sandbox” may play the role of gatekeeper, slowing down or even halting innovation.  Former New York Department of Financial Services Superintendent Maria Vullo famously said, “Toddlers play in sandboxes. Adults play by the rules.” A Financial Times article considers a“fintech sandbox” a harmful regulatory approach for consumers. Consumer groups overwhelmingly oppose the CFPB’s sandbox proposal, as do a large number of state AGs. With negative connotations in certain jurisdictions, it is no wonder that a group of regulators, when deciding to form a “global sandbox,” chose a different name: Global Financial Innovation Network, or GFIN.

Why are there such divergent views on a seemingly benign regulatory tool?  Can a sandbox truly promote innovation, or is it nothing but a loophole big enough to drive a truck through? Or, as Commissioner Peirce warns, might sandboxes become a barrier against financial innovation?

It is true that some sandboxes are nothing but shiny toys with lots of fanfare and no substance. There are far fewer sandbox success stories than there are critiques of unsuccessful sandboxes. Consumer groups are right to observe that sandboxes, just like any tool, can be misused or even abused. However, a well-designed and executed sandbox can facilitate innovation and protect consumers, avoiding the pitfalls that concern many critics.

 With innovation taking place at a breakneck speed, regulatory agencies need to actively seek tounderstand the benefits and risks of innovation, while developing appropriate policies, guidance, and/or regulations to reap those benefits, protect consumers, and safeguard the financial system. Yet rapid fintech development has brought with it regulatory uncertainty and regulatory fear, which I explored in an American Banker op-ed last year. Simply put, regulatory uncertainty is the result of outdated regulations unable to catch up with innovation.  Regulatory fear, on the other hand, is caused by risk-averse regulators unwilling or unable to green-light novel products that may be perfectly compliant with regulations. It’s possible, I argued then in the context of the CFPB, to design a sandbox that reduces both regulatory uncertainty and regulatory fear. My recommendations at the time were for a narrowly defined sandbox, equivalent to allowing firms to “run experiments” or receive “temporary regulatory relief.”  Here I would like to take a much broader view of a sandbox, one that includes not only testing and piloting but also focuses on knowledge building and innovation-friendly policymaking. 

First, a dedicated outreach strategy is in many ways the most essential element of a sandbox. Without a solid understanding of the fast-paced fintech market, regulatory sandboxes will not function properly. The CFPB’s Office Hours was a popular and effective program from the start, attracting lots of fintech firms to voluntarily share information. The information gathered enabled the CFPB to establish its “street cred” among fintechs by pushing pro-innovation policies. Not surprisingly, the OCC and CFTC followed suit by launching their respective fintech initiatives.  Similarly, Chairman Jelena McWilliams made an effort to meet with leading fintech CEOs even before establishing a fintech office at the FDIC. Yet engagement is not “listening only.” Meetings and information sharing programs are two-way streets. Candid viewpoint exchanges benefit both regulators and the regulated: Agencies receive market insight and are able to make more informed policy decisions; the regulated get regulatory insight and are able to make more informed product decisions. Curiously, the CFPB seems to have tapered down its proactive outreach effort. Perhaps they have been busy establishing the Office of Innovation, but the Bureau should note that Silicon Valley will move on even if regulators stall.

Second, promoting innovation-friendly policies can enhance the impact of sandboxes. A sandbox does not need to narrowly focus on issuing waivers or no action letters, or on running pilots—which many mistakenly believe are the only things sandboxes should do. The CFPB was able to establish thought leadership by promoting policies that had a broad impact on the entire ecosystem. Such policies included facilitating consumer-permissioned data access, adopting machine learning and alternative data in credit underwriting, and providing safe harbors for earned wage access models in payday-loan regulations. Those efforts were arguably more significant than running a few experiments or issuing a few waivers, though the latter surely tend to draw more headlines.

Third, regulatory relief and testing are important when it comes to bringing novel products to market. Nonetheless, as I argued in my American Banker op-ed, real regulatory uncertainty only accounts for a small percentage of regulatory issues that fintech upstarts face. As a result, it makes little sense for a financial regulatory agency to spend too many resources on developing waiver or waiver-like policies. Rather, its focus should be on removing obstacles to launching new products that may be not only fully compliant but also welfare-improving. Promoting collaboration between supervised banks and third parties is one area that deserves more attention. The OCC is currently considering a pilot program that falls under this category. And while the CFPB’s current sandbox proposals focus on removing regulatory uncertainty, they need to also give appropriate consideration to addressing regulatory fear. It is also important to take a data-driven approach when approving pilots or issuing regulatory relief. Information sharing and the ability to monitor experiments are key ways to ensure regulators can draw lessons from the sandbox.

Fourth, regulatory agencies should avoid having a sandbox simply for the sake of having a sandbox. Launching and running a sandbox is no small undertaking. It requires a lot of learning and consumes human and financial resources. According to a report commissioned by the United Nations Secretary-General’s Special Advocate for Inclusive Finance for Development (UNSGSA), “around a quarter of regulators have launched sandbox initiatives without first evaluating feasibility, demand, potential outcomes, or collateral effects.”  The report further concludes that sandboxes are “not always the answer for regulating inclusive fintech.”

Fifth, regulatory agencies should not view sandboxes as the sole or even the main avenue to encourage innovation. A flexible regulatory regime, where rules of the road are clear and regulators are willing to provide guidance when uncertainty arises, is the best mechanism for promoting innovation. Hence regulators should spend the bulk of their efforts on long term policymaking and rulemaking.  The most a sandbox can do is provide temporary relief to a small number of market participants. Agencies should take advantage of sandbox experiments to design lasting policies that benefit the entire ecosystem.  For example, the CFPB has already issued a no action letter to promote responsible use of machine learning in credit underwriting. Through this exercise, the agency has gained a good amount of knowledge and expertise and tested a framework that can help reduce the disparate impact compliance risk. Instead of issuing similar letters to other participants, the agency should issue guidance for public feedback so that the entire market can benefit.

A regulatory sandbox is an interesting regulatory innovation of its own. If used smartly, it can benefit consumers and the economy. The FCA sandbox is one such good example. Unfortunately, too often sandboxes are misunderstood, misused, or mismanaged. Regulatory agencies should use sandboxes to keep up to date with fast-paced innovation and promote market competition without sacrificing consumer protection. Real innovation-minded regulatory agencies see sandboxes as means, not ends.  Real innovation-minded regulatory agencies shun the glitz of sandboxes; rather they take the insights gained from sandboxes to improve rulemaking, supervision, and enforcement policies so that the entire market can benefit.