“We’re witnessing the creative destruction of financial services, rearranging itself around the consumer. Who does this in the most relevant, exciting way using data and digital, wins!”
– Arvind Sankaran, Global business leader, Retail Banking & Wealth Management
Indian fin-tech industry has grown exponentially over the years attracting massive funding and large scale investments and has a lot of potential to grow with the advent of different technological and financial tools. Many startups have boomed in this sector of payments, insurance trading etc., making India a global fin-tech hub. These startups are likely to give better financial services to the consumer with low cost and quality products. They will create a more conducive and secured space for the functioning of these financial services and also manage the risks by adopting the best practices. But this sector also comes with certain challenges; the companies have to create innovative products without compromising with the interests of the consumers. It is for this reason that many countries have adopted the “regulatory sandbox” model. India is no exception and recently the Reserve Bank of India (RBI) announced the guidelines for implementation of regulatory sandbox.[i]
In this article, we shall assess the regulatory sandbox, its usage in India and the guidelines issued by RBI, IRDAI and SEBI. Also, the various privacy issues with the regulatory sandbox and how it will contravene with the Personal Data Protection Bill will be analysed. In the end, the article will highlight certain measures and the way forward for regulatory sandbox approach.
Assessing Regulatory Sandboxes
Before we learn anything about assessing regulatory sandbox we must, firstly, understand the meaning of regulatory sandbox. So, it is a framework that allows for live testing of products in a controlled environment for which regulators may permit certain relaxations for the purpose of testing. It facilitates innovation and generation of low cost innovative products. [ii]
Furthermore, Regulatory sandbox will help the innovator to access the real life experience of its product and also the potential risks that may occur. Therefore, it helps in mitigating the risks before launching it in the broader market at a wide scale and help in better delivery of the innovative products. Testing is carried in a safe and secure environment with limited time and customers. This gives assurance to the innovators that they have complied with the due process of law and taken all the necessary safeguards.
The current approach of sand boxing was developed by the UK’s Financial Conduct Authority (FCA). The FCA called regulatory sandboxes a ‘safe space’ where “businesses can test innovative products, services, business models and delivery mechanisms without immediately incurring all the normal regulatory consequences of engaging in the activity in question.” [iii] Regulatory sandbox has many benefits- It promotes competition in the market as all the companies try to improve the efficiency of their products by introducing new technology each time. It addresses the uncertainty of innovation i.e. what is the expected outcome? Thus the financial companies are made aware of the potential risks and try to subvert them by taking necessary measures; it helps in building a constructive dialogue between the regulator and the innovator. It also ensures that modifications can be made at an early stage to ensure acceptability in the market.
Regulatory Sandbox: Guidelines in India
Following the practices of various nations of using regulatory sandbox to foster innovations, India has also developed a regulatory sandbox. Such framework will facilitate the growth of Indian fin-tech industry which has a scope for massive success in the near future. It will help the established players and startups test their products in a real time environment so as to enable them to make certain modifications before launching the product in a bigger market. Launching a deficient product can have serious economic impact for the company and thus the government through this regulatory sandbox provides them the opportunity to compete with the other players by bringing in efficient and effective models. Reserve Bank of India(RBI) has set up a regulatory sandbox which will balance innovation and consumer interest.[iv] The approach here is “learning by doing” for all the players. Any technology launched under this framework should be new or the existing technology should be used in an innovative way. RBI plans to offer relaxations on a case to case basis, for eg. the RBI is clear on crypto currency ban.[v] In addition to RBI, even SEBI (Securities Exchange Board of India) and IRDAI (Insurance Regulatory and Development Authority of India) have also planned to introduce regulatory sandboxes.[vi]
According to SEBI guidelines, [vii] entities registered under SEBI act are also eligible to apply. The entity may themselves participate or take the services of a fin-tech firm. The eligibility is based on many factors and a detailed evaluation process will be undertaken which are clearly prescribed in the guidelines.
IRDAI on the other hand have relatively broader guidelines wherein any person who wants to bring innovation in the insurance sector is eligible to apply. This sandbox looks at insurance products and a panel will be set up which will review the same.[viii]
Regulatory sandbox is still in a nascent stage in India, however, steps are being undertaken to promote innovation which will help in the growth of fin-tech companies. Many states have introduced policies to encourage more startups to boom.[ix] The policies seem good on paper, however their implementation has severe loopholes which should be minimised so that a better output can be delivered.
Privacy Concerns with respect to Data Protection Bill- A Legislative Impact
Even though regulatory sandbox has certain benefits, the concerns still remain and can have serious impacts. Given the way information and communication technology has digitised everything, it has become imperative for the government to adopt practices which results in maximum benefits and curtails the risks. In the context of data privacy, it involves ensuring responsible use of personal data which would not violate an individual’s right to privacy, as it is a fundamental right.[x]
Sandboxes allow relaxations to the parties from stringent rules which involve higher costs and many such regulations. This is based on the assumption that innovation can only occur if these regulations cease to exist as they are a hindrance in the innovation process. One of them being relaxation of data protection provisions for data fiduciaries (i.e. one who collects the data from the customers) which poses risk for the data principals (i.e. customers) and restricts their rights.
In December 2019, Personal Data Protection Bill was introduced in the Parliament which made significant changes to the 2018 bill.[xi] It provides that the Data Protection Authority (DPA) will be entrusted with the task of creating a sandbox. The PDP Bill aims to give certain relaxations to the companies which also include no limitations on the use of personal data. Personal data should be used only after taking the consent of the party and only for lawful purposes. It is understandable that certain relaxations ought to be given to create a safe and secure space but the obligation to seek consent should not be undermined. Also, it is left to the discretion of the authorities to decide whether the customers will be informed about the way their data will be used.
It is appreciated that a concept like regulatory sandbox is finding a place in the fin-tech industry, however, discussions and deliberations on the concept of privacy are important. There should be proper guidelines that data fiduciaries must adopt failing which they should be held liable for punishments. A strong legal mechanism is needed which will take care that the fundamental rights of the individuals are not compromised. A feedback form which will help in knowing what the customer expects from this framework is also necessary. A balance between growth and protection of their rights ought to be created by all the stakeholders involved in the data protection process.
Conclusion and Way Forward
Fin-tech industry has progressed a lot over the span of years but a lot of care needs to be taken to make it consumer friendly. India has a lot to do in terms of innovation and technology; it has a broad market for products and has a scope for tremendous growth. RBI has issued guidelines which clearly reflects that all the concerns will be given due attention and innovation will be balanced with consumer interest which is indeed a great step. Hence, it is rightly said that there can never be a choice between privacy and innovation.
[v] Reserve Bank of India, Prohibition on dealing in Virtual Currencies, RBI.
[x] K. S. Puttuswamy v. Union of India, (2017) 10 SCC 1.
[xi] The Personal Data Protection Bill, 2019, Bill No. 373 of 2019.
Edited By: Ayush Verma.
*Disclaimer: The content of this article is intended to provide a piece of general information. The views are expressed by the Author solely and BFTLR may or may not subscribe to the views of the Author.