Giorgio Pavia

Regulatory sandboxes, innovation hubs and indicative milestones. An overview.



In August 2017, the European Banking Authority (EBA) published a Discussion Paper on its approach to financial technology further to its statutory objective, which, among other things, requires the EBA to contribute to enhancing consumer protection, promoting a sound, effective and consistent level of regulation and supervision, preventing regulatory arbitrage and promoting equal competition, and its duty to monitor new and existing financial activities. In particular, EBA identified in the Discussion Paper six areas for further analysis:

  • Authorization and registration regimes and sandboxing/ innovation hub approaches;
  • Prudential risks and opportunities for credit institutions, payment institutions and electronic money institutions;
  • The impact of FinTech on the business models of credit institutions, payment institutions and electronic money institutions;
  • Consumer protection and retail conduct of business issues;
  • The impact of FinTech on the resolution of financial;
  • The impact of FinTech on AML/CFT.

Reply and other 47 respondents come from the Finance, Technology and Regulatory contexts provided proposal and advices on the FinTech six area identified by the EBA survey . Most of respondents focused on the need to strike an appropriate balance between the close monitoring of the regulatory perimeter (the scope of activities required to be authorized) and the need for neutrality in regulatory and supervisory approaches towards new technology applied by incumbent institutions and other FinTech firms. Accordingly, respondents encouraged the EBA to priorities work relating to authorization issues and regulatory sandboxes and to establish a forum in which best practice and convergence in supervisory and regulatory approaches can be promoted in order to foster technological neutrality and innovation across the single market. Respondents also supported the EBA’s proposals in relation to business models and risks and opportunities for institutions.

The conclusion from the consultation on the EBA’s approach to financial technology has been reported in “ The Eba’s Fintech Roadmap ” published by the EBA on March 20183. In this report, the EBA sets out its FinTech Roadmap describing its next steps and indicative milestones for 2018/2019 in light of the feedback received and in alignment with the Commission’s FinTech Action Plan. In particular, the EBA explains the approach it will take in relation to the policy areas identified in the FinTech Discussion Paper and sets out the following priorities for 2018/2019:

  • monitoring the regulatory perimeter, including assessing current authorization and licensing approaches to FinTech firms, analyzing regulatory sandboxes and innovation hubs with a view to developing a set of best practices to enhance consistency and facilitate supervisory coordination;
  • monitoring emerging trends and analyzing the impact on incumbent institutions’ business models and the prudential risks and opportunities arising from the use of FinTech in order to enhance knowledge sharing;
  • promoting best supervisory practices on assessing cybersecurity and promoting a common cyber threat testing framework;
  • addressing consumer issues arising from FinTech, in particular in the areas of unclear regulatory status of FinTech firms and related disclosure to consumers, potential national barriers preventing FinTech firms from scaling up services to consumers across the single market, and assessing the appropriateness of the current regulatory framework for VCs;
  • Identifying and assessing money laundering/terrorist financing risks associated with regulated FinTech firms, technology providers and FinTech solutions.

All of the EBA’s FinTech priority topics will leverage knowledge and expertise from participants in the EBA’s new ‘FinTech Knowledge Hub’. The Hub will provide an overarching forum bringing together competent authorities enabling knowledge sharing on FinTech and to enhance engagement with incumbent and new entrant institutions and other FinTech firms, technology providers and other relevant parties.

The EBA sets out in Figure 1 an indicative timeline for the work on its identified priorities for 2018/2019

fintect graph


As set out in the EBA’s FinTech Roadmap, the EBA is carrying out a comparative assessment of regulatory sandboxes, innovation hubs and other schemes in the Member States with a view to identifying best practices in their design and operation.

The EBA is keen to gain insights from financial institutions, other FinTech firms and technology providers on the operation of existing schemes and planned an industry roundtable on September 3rd 2018.

The roundtable involved a semi-structured discussion on key issues such as scope, entry and exit criteria, transparency, cross-border cooperation, and other aspects to help facilitate the scaling-up of financial innovations across the EU.

Reply participated to the Regulatory Sandbox and Innovation Hub roundtable and also answered to the preliminary and post meeting survey proposed by the EBA to collect feedback from the roundtable attenders. Hereafter, the preliminary survey while in the annex we enclosed the post meeting poll.



  • Is the EU lagging behind other global financial centres in facilitating technology-enabled innovation in financial services (FinTech)?
    Most of responders (68%) said yes.
  • Competent authorities have a good understanding of FinTech. Do you agree?
    Most of responders (66%) disagreed with this affirmation.
  • 3. Are regulatory sandboxes and innovation hubs an effective way of facilitating FinTech in the EU?
    Almost the total of responders (95%) agreed with this affirmation
  • Are you aware of coordination between regulatory sandboxes and innovation hubs in the EU?
    Only the 29% said yes.
  • Do you face other barriers to the cross-border application of FinTech in the EU which cannot be solved by regulatory sandboxes and innovation hubs?
    Most of responders (89%) said yes.

From this survey raised the necessity for EU to accelerate the interventions to facilitate the development of FinTech companies. The competent authority should incentivize such FinTech development playing a more active roles in supporting such process. The regulatory sandbox and the innovation hub represent surely a good opportunity for competent authority to improve the understanding of FinTech and be aware of the risks, needs and opportunities. Furthermore, responders highlighted the necessity of more coordination between regulatory sandboxes and innovation hubs in the EU and a reduction of barriers to the cross-border Fintech application.



EBA recognizes that FinTech can offer a range of benefits, for example it can enhance consumer choice and experience, reduce the costs of financial products and services, promote financial inclusion, drive efficiencies in the provision of financial services, facilitate cost reduction and support more effective compliance and reporting processes.

The EBA has identified a need to support this innovation development with a consistent and technologically neutral regulatory and supervisory approach to FinTech allowing the scaling-up of financial innovations across the Single Market without undermining consumer protection, the level playing field, the integrity of the financial markets, and the stability of the financial system taken as a whole.

In order to reach such purposes, the EBA suggestions are

  • Incentivizing the cooperation between FinTech firms e competent authority: in this way firms can understand the regulator’s expectations, and in the same time the competent authority can understand the opportunities and the risks of Fintech firms;
  • Incentivizing the cross-border scalability of FinTech developments: improving the cooperation between regulatory sandbox and innovation hub of EU;
  • Identifying the best practice to reach such goals.


The 11 participants to roundtable come from Authority and Fintech sectors:




Piers Haben


Slavka Eley


Elizabeth Nicole


Nikola Tchouparov


Marcus Swanepoel


Nicole Sandler


Bernhard Hörtnagl


Philippe-Olivier Rousseau

BNP Paribas

Imran Gulamhuseinwala

Open Banking

Rasmus Engbaek Larsen

Finans Danmark

Vic Arulchandran


Moneyfols, Luno, Nivaura, and the other Fintech companies invited to the EBA roundtable, participated to the UK's Financial Conduct Authority (FCA) Regulatory Sandbox launched in November 2015. The FCA regulatory sandbox is open to authorized firms, unauthorized firms that require authorization and technology businesses. The sandbox aims providing to the firms:

  • the ability to test products and services in a controlled environment;
  • reduced time-to-market at potentially lower cost;
  • support in identifying appropriate consumer protection safeguards to build into new products and services;
  • better access to finance.

The FCA regulatory sandbox also offers tools such as restricted authorization, individual guidance, informal steers, waivers and no enforcement action letters. FCA closely oversee tests using a customized regulatory environment for each test – including safeguards for consumers.

Sandbox tests are expected to have a clear objective (e.g. reducing costs to consumers) and to be conducted on a small scale, so firms will test their innovation for limited duration with a limited number of customers. Until now FCA has opened 4 cohorts:

  • First cohort (application window closed on 8 July 2016): on 69 applications, 24 were accepted, and 18 firms tested as part of cohort 1 (Nivaura, Luno- BitX);
  • Second cohort (application window closed on 19 January 2017): on 77 applications. there were 31 applications that met the sandbox eligibility, but only 24 firms were ready to begin testing (Moneyfold - Money Dashboard, Nivaura);
  • Third cohort: on 61 applications for cohort 3 , 18 firms have been accepted (Barclays);
  • Fourth cohort: on 69 application, 29 firms have been accepted.


Definition of Regulatory Sandbox
Regulatory Sandbox are schemes set up by competent authorities to enable firms to test, pursuant to a plan agreed and monitored by a dedicated function of the relevant authority, innovative products, services, business model or delivery mechanism related to the carrying out of financial services.
Typically they involve several phases:

fintech graph2

Application: to participate in sandbox

  • Firm submits an application such as Innovation assessment, commercial feasibility, team background (funding, competences), Legal and regulatory risks and mitigation measures, contribution with financial institution (some countries require banks to support the pilot);
  • Application judged against publically available criteria;
  • Decision on participation made by the competent authority.

Preparation: after accepting into sandbox

  • Testing parameters determined by the competent authority;
  • Where the activity will involve the carrying out of a regulated activity and the appropriate license is not held already, the firm must apply for the appropriate license;
  • Identify measures to determine success or failure;
  • Identify areas that require further actions;
  • Agree on measures for customer safeguards;
  • Provide exit strategy;
  • Provide transaction plan after sandbox period;
  • Set the time period of sandbox.

Testing: after agreeing on parameters

  • Testing window where firm is able to test its proposition;
  • Competent authority monitors the testing process;
  • Firms submit regular reports on testing results based on parameters agreed;
  • Fulfil further actions (e.g. hiring professional firms for audit and cybersecurity);
  • Ensure compliance with customer safeguards set between participants and regulator.

Evaluation: after completing the testing

  • Results of test reviewed and evaluated;
  • Decision taken on the most appropriate approach to exiting the sandbox;
  • As appropriate, removal of limitations or restrictions imposed for the purposes of the testing phase, or discontinuation of license;
  • Apply required licenses;
  • Stop service and inform existing clients, if fail to pass the test.


These are the questions addressed to the roundtable participants:

Objectives: What is the added value of a regulatory sandbox?

Regulatory sandboxes provide an environment of reduced regulatory constraints on innovative financial products and services. They enable financial services innovators - both incumbents and startups - to test new products and services in a "safe area", providing greater flexibility or even exemptions from existing regulation.

Sandboxes can be highly valuable to financial services institutions in several important ways:

  • They reduce the time and cost of getting innovation to market with competitive advantages for the innovators that enter in the sandbox;
  • They provide innovators with greater access to finance by reducing risks of client adoption and increasing returns on capital investment;
  • They enable innovators to work with regulators to ensure new development of technologies and business models aligns with regulations. Thanks to this cooperation, firms can understand the regulator’s expectation and the competent authority can understand the opportunity and the risk incurred by the innovation firms;
  • Reduce regulatory uncertainty thanks cooperation between regulators and FinTech firms that participate to the regulatory sandbox. It can be also useful in case of cross-border cooperation;
  • Risk mitigation for innovators and consequently customer’s protections: innovators can test the innovation product in a safe and controlled environment with the supervision of regulator; if the product has some concerns, during the sandbox period, appropriate adjustment can be done before the product is launched.

Scope: How should eligibility be determined? Is there a need to distinguish between incumbents, new entrants and technology providers?

By our point of view the eligibility criteria should be determined according to the following criteria:

  • typology of innovation: it should be coherent with the purpose of sandbox and take advantages from the technology tools that the supervisors of regulatory sandbox provide;
  • genuine innovation: the service should offer no comparable services or products that are already established on the market;
  • delimitation of the market: the offered service should refer to the specific market with specific regulation (e.g. UK or other country);
  • consumers benefits: the innovation should offer a good prospect of identifiable benefit to consumers;
  • ready to test: immediate availability to start the tests;
  • purpose of participation: the deliverables expected at the end of sandbox period should be suitable for the market and ready to be used by target consumers;
  • transaction strategy from sandbox to real market: defining the launch strategy and the possible roll-back solution in case of failure;
  • risk disclosure and mitigation actions: disclosure of risks to consumers and also to businesses and possible mitigation actions if necessary.

By our point of view, the above criteria should apply to those who apply for participation in the sandbox without distinction between incumbents, new entrants and technology providers.

Admission and testing: How can risks be mitigated? Are testing parameters helpful? (e.g. limits on geographic locations and number of consumers, time limit for the test)?

The regulatory sandbox limits (e.g. Limits on geographic location, number of consumers, time limit for the test, limit on the amount of transactions in case of financial services, and so on) are necessary to mitigate the risks. When a sandbox operates in the production environment, it must have a well-defined space and duration for the proposed financial service to be launched, within which the consequences of failure can be contained.

The appropriate boundary conditions should be clearly defined by regulators so to allow sufficient protection of the interests of consumers and to maintain the safety and soundness of the industry. That’s why, the regulators should choose carefully the entry criteria when create the sandbox, predetermining the following items:

  • Start and end date of the sandbox;
  • Target customer type;
  • Limit on the number of customers involved;
  • Other quantifiable limits such as transaction thresholds or cash holding limits;
  • Typology of risk that can be accepted into the sandbox;
  • Obligations to ask to participants according to the level of risk level contributed by the participant;
  • Prudential requirements to ask to participant, as statutory/liquidity requirements, minimum paid-up capital, capital adequacy, license fees, Technology risk management, Management experience.

Evaluation and exit: Should outcome be shared with other component authorities? Should outcomes be made public?

In order to share the outcome, a final report with the “lesson learned” can explain how the firms that have participated to the sandbox have met its objectives and how the regulators acted and intervened when necessary.

By our point of view, the outcomes of the regulatory sandbox should be published detailing the executed tests and the final result they have obtained. Adding to this, it can be considered very useful for the other FinTech environment actors to be aware about the main critical issues and the challenges that the sandbox participants faced in testing their innovation and the implemented actions / solutions that allow successfully pass the tests. This can speed-up the Fintech development and contribute for promoting competition in the market. Obviously, it is also necessary to take into consideration the needed to protect commercially sensitive information avoiding to compromise the competitive advantage of each participant.

In order to strike a good balance between the objective of protecting commercially sensitive information, and the benefits of sharing the outcomes of sandbox tests, we suggest the following precautions:

  • The regulatory sandbox should ensure the Intellectual Property (IP) protection and the other sensitive information for each company that participate to the testing through multilateral NDA agreements between regulators and participants and also between participants and participants. The transparency should be ensured firstly between regulators and each company. The agreements can contain the indication of limits of disclosure that each participants accept;
  • Another possibility is to allow to the participant to decide with whom to share specific results and with whom not. In fact, a company can prefer to create synergies with a specific companies from its own sector rather than with the entire panel of participants or with the rest of market;
  • The results of testing and all the other outcomes not necessary should contain the sensitive information that represents the competitive advantage for the company.

Coordination: Do issues arise that go beyond the scope of component authorities and require coordination with other authorities (e.g. data protection)?

Issues that go beyond the scope of component authorities and require coordination with other authorities are very probable if the regulatory sandbox perimeter is not well pre-defined. That’s why the entry criteria such typology of innovation is very useful. A possible solution could be to reinforce the specificity of the regulatory sandboxes so as to minimize the risk of leaving the regulatory framework envisaged. A big effort should be done in the preparation phase. At the same time, greater coordination between regulators should be ensured in order to involve other authority when necessary.

Roll-out across the EU: What can be done to facilitate scaling-up across the EU? Simultaneous testing in more than one Member State? Transferability of outcome to the other Member State?

In order to facilitate the EU cross-border development of the innovative technologies, among the regulatory sandbox could be useful planning several macro scenarios, for each innovative technology, and perturb specific key economic and/or compliance variable simultaneously. The results must be collected in a standard templates and then supervisors will evaluate the overall impact of homogeneous technologies on its regulatory and economic framework.



The Innovation Hub is designed such as a community portal where the participants are: firms, incumbents’ institution and authorities. The aims of the Innovation Hub is to seek clarification on Fintech issues, submitted by companies, from the authorities involved in the innovation topics, as shown in Figure 2.

fintech graph 3

The discussion was focused around the following questions addressed to the roundtable participants:

  • Objectives: What is the added value of an innovation hub?

The aims of the Innovation Hub is to speed up the solution of concerns and issue related to Fintech topics jointly with the support of authorities. Some participants of the panel list pointed out that Innovation Hub also can regard how to find the investors and funds.

  • Scope: Should innovation hubs be open to all firms, or only new entrants?

The eligibility criteria of the Innovation Hub have been handle at highest level during the roundtable. One the main criteria regarding the eligibility of the participants must be the detailed description of type of innovation idea that imply the selection of the authorities (who is the most appropriate ones) must support the firms on the queries posted.

  • User Interface: What is the most user-friendly interface (online portal, telephone, meetings, combination?)? Are enquiry forms helpful?

The EBA roundtable focused that the most appropriate tool to be used is the online portal where applicants and regulatory can exchange, respectively, doubt and advice as showed in Figure 2.

  • Transparency: Should outcomes be shared with other competent authorities? Should outcomes be made public?

The debate was mainly focused on the outcome to be made public. The participants would like to access to the outcomes hold by competent authorities thus they agree on the public sharing. On the other hand, the authority’s position is more restrictive and prudent because the outcomes can be misleading in some case, since it is shared with a greater audience, and they want to select the items to be disclosure.

  • Coordination: Is there a need for coordination between competent authorities (e.g. in terms of knowledge sharing, promoting a common and technologically neutral approach)? If so, what is the best tool to promote coordination?

The coordination among authorities was also a key topic of the roundtable because it is critical both for the solution provided inside the Innovation Hub and for the cross-border scaling-up of Fintech. Both panel list and audience agreed that needed a structured governance among national supervisors and European ones. The discussion was also focused on the usefulness of the Global Financial Innovation Network , where twelve financial services regulators around the world are going to organize on the Fintech sector. Some participants highlighted a concern with regard the lack of participation of European Union and domestic’s authorities.



The participation at the EBA roundtable has been very useful in order to understand the authority’s position regarding Fintech and the point of view by audience of around 100 participants. The EBA’s overview about the utilization of the Fintech is appreciated, therefore it has a strong interest on its application under a consistent and well-structured regulatory framework. The authorities, in order to follow the high rate of growth of the new technology in the financial services, are analyzing the advantage of using the new technologies to digitalize the regulatory and reporting processes, thus the concept of “ SupTech”.
The companies interested in using FinTech (financial institution, new entrants and technology providers) want to access to regulatory sandbox in order to work close to authority. In this framework a possible scenario could be:

  • authorities have to grant support and supply the governance of the regulatory sandbox for those companies match the eligibility criteria;
  • Fintech companies want to access to regulatory sandbox – before other competitors – and successful complete the sandbox period, in order to be the pioneers in the market to operate with its innovation idea.
  • For a Fintech company completing successfully the sandbox means increase the credibility versus the consumers and the market and in some case getting access to government funds.


Reply wants to be a key point of contact for both domestic Supervisors and FinTech companies (financial institutions, incumbent’s institution and new entrants) in order to:

  • Set up regulatory sandbox;
  • Provide regulatory assistance and consulting for the sandbox configuration;
  • Advice and assist the Fintech companies in order to complete the sandbox period;
  • Support authorities on innovative products, services and technologies;
  • Building regulatory sandbox and innovation hub prototypes.