Apr 17, 2019

How to Build a Good Regulatory Sandbox

Four Principles to Help Policymakers Get It Right
Brian Knight Senior Research Fellow

Regulatory sandboxes for financial services are all the rage these days. The United Kingdom is credited with creating the first sandbox, with other countries like Australia and Singapore following shortly thereafter.  The United States has been a relative laggard on the federal level, but Utah recently followed the examples set by Arizona and Wyoming in establishing its own sandbox, and other states are considering them. The CFPB is also in the process of creating a sandbox for financial products. With all of this activity, it is important for people to understand just what a regulatory sandbox actually is, why they can be a good idea, and how designing them well can mitigate risk.

First, what is a regulatory sandbox? Broadly defined, it is a regulatory environment where, in exchange for supervision and information sharing with the regulator, firms can test a new product or service. This allows firms to assess whether the product works as desired and whether it is in compliance with the law. This can involve regulators relaxing some regulatory requirements for firms, such as allowing a firm to use a “learner’s permit” license instead of going through the process of obtaining a full license. It can also involve waiving certain regulatory requirements that are not necessary to maintain consumer protection. Regulators commonly provide both formal and informal guidance regarding regulatory questions to sandbox firms. Importantly, sandboxes are for a limited time and serve a limited number of customers. Regulators also generally confirm that the firm is able and willing to compensate consumers in the event that the firm’s product or service violates the law and causes the consumer harm.

So why might a sandbox be a good idea? Done well they can benefit innovators, regulators, and consumers. Innovators can get a place to test their products and services and determine whether they work before deciding to launch on a large scale, while limiting their regulatory uncertainty. Regulators also get the advantage of increased transparency and insight into the cutting edge of financial services, and can help innovators design with compliance in mind. Finally, consumers stand to benefit from increased competition and innovation.

However, there is no such thing as a free lunch. While regulatory sandboxes have a lot of potential there is also risk. The risk most discussed is that to consumers. Critics worry that any relaxation in regulatory standards will increase the odds that consumers are harmed. This is why the design and execution of the sandbox are so important and why most, if not all, sandboxes require that firms using them be able to compensate consumers who are harmed if the firm violates the law.

Another less appreciated risk posed by sandboxes is the risk to market competition. Sandboxes present something of a paradox in that for any firm to want to use them. There needs to be a benefit to that firm, but any benefit to one firm in a market may be a disadvantage to all of that firm’s competitors. This is not to say that sandboxes are per se anti-competitive. It is also important to remember that the current regulatory environment favors some competitors over others. Nevertheless, these are real risks that can and should be mitigated to the greatest degree possible.

So what will mitigate the risks while reaping the benefits of sandboxes? A combination of good design, good execution, and good culture. Sounds easy, right? Well, not easy, but at least doable. Here are some principles that policymakers and regulators should consider:

1. Consumer protection is critical. 

It sounds obvious, but that doesn’t make it less important. For this to work consumers need to be willing to participate, and they won’t if your sandbox becomes seen as the place where people get ripped off. This doesn’t mean there can’t be any risk at all, but the risks need to be limited and clearly disclosed. For example, while there is a risk that a product may fail, if that failure is a result of a violation of the law, the consumer should be compensated. This means that when evaluating whether to let a firm participate in a sandbox regulators should make certain all firms have a credible plan to compensate consumers, and the means to execute it if necessary. Likewise, the fact that a product is experimental, and that it is not endorsed by the government, should be clearly and prominently disclosed so only consumers with an appropriate risk appetite participate.

2. The ultimate beneficiaries of the sandbox should include the public, not just the participating firm. 

Sandboxes can benefit the public if they result in a more competitive and innovative market for financial services. However, if they result in select firms getting a lot of government-provided advantages at the expense of the firms’ competitors, then the public may end up worse off. For example, while part of the value of a sandbox is allowing regulators to provide guidance on tricky questions where technology runs up against law, if only the sandbox firm gets the benefit of that guidance, the regulators are acting more like a private law firm that a public body. Maximizing transparency of regulatory findings and guidance, while protecting truly proprietary information, will help the broader public, including other marker participants, benefit from the sandbox.

3. Sandboxes should be as accessible as possible. 

This provides another way to mitigate the risk to competition. In a world of limited resources, regulators won’t be able to include every firm in the sandbox, and not every firm or idea needs a sandbox. To the extent there are multiple, similarly situated firms regulators should consider admitting one firm as a factor in favor of admitting the others. Likewise, the cost and complexity of seeking entry should be kept to a minimum to allow new and small firms to participate.

4. Sandboxes should remain voluntary. 

Another, more subtle risk, is that sandboxes effectively become mandatory, either because the benefits conveyed are too important or the costs of not participating are too high. One example is the mitigation of regulatory risk offered by some sandboxes. It makes sense that a firm who is operating in good faith in a sandbox, providing transparency to regulators, and compensates consumers for harms that result as a violation of the law, is provided with regulatory relief in the form of limited potential liability.  However, a firm acting honestly outside the sandbox who is able and willing to compensate customers doesn’t deserve to be treated much differently. The risk is that regulators will start to see the sandbox as the place where the “good” firms go and view a lack of participation as a reason for suspicion. While participation in a sandbox may be evidence of good faith, non-participation should not be evidence of bad faith or a justification for enhanced penalties. Regulators will need to work to ensure that a “mandatory sandbox” culture does not develop.

As with most things, the devil is going to be in the details, but these general principles should help policymakers develop sandboxes that best provide the very exciting potential benefits while mitigating the risks.

Photo credit: Gage Skidmore/Flickr

Support Mercatus

Your support allows us to continue bridging the gap between academic ideas and real-world policy solutions.Donate