ESAs publish joint report on regulatory sandboxes and innovation hubs – Part 2

On January 7th 2019 the European Supervisory Authorities (ESAs) (consisting of ESMA, EBA and EIOPA) published as part of the European Commission’s FinTech Action Plan a joint report on innovation facilitators (i.e. regulatory sandboxes and innovation hubs). The report sets out a comparative analysis of the innovation facilitators established to date within the EU including the presentation of best practices for the design and operation of innovation facilitators.

We take the report as an occasion to present both innovation hubs and regulatory sandboxes in a two-part article. After we highlighted innovation hubs in Part 1, Part 2 will shed some light on regulatory sandboxes.

Regulatory sandboxes – What they are and what their goals are

The EU Commission's FinTech Action Plan provides for regulatory sandboxes to create an environment in which supervision is specifically tailored to innovative firms or services. ESMA's joint report follows on from the FinTech Action Plan and examines the existing set-up of and experience with regulatory sandboxes.

In detail, a regulatory sandbox provides a scheme to enable regulated and unregulated entities to test, pursuant to a specific testing plan agreed and monitored by the competent authority, innovative financial products, financial services or business models under real regulatory conditions before they bring the products to market.

The aim of a regulatory sandbox is to provide a monitored space in which competent authorities and firms can better understand the opportunities and risks presented by innovations and their regulatory treatment through a testing phase. Also, firms can assess the viability of innovative positions, in particular in terms of their application of and their compliance with regulatory and supervisory requirements. However, regulatory sandboxes do not entail the disapplication of regulatory requirements that must be applied as a result of EU law. On the contrary, the baseline assumption for regulatory sandboxes is that firms are required to comply with all relevant regulatory requirements applicable to the activity they are undertaking. The main goal of the regulatory sandboxes, as with the innovation hubs, is therefore, on the one hand, to enhance the firms' understanding of the relevant regulatory issues and, on the other hand, to enhance the competent authorities' understanding of innovative financial products.

Where they exist and who can participate

At the date of the ESA report, five competent authorities reported operational regulatory sandboxes: Denmark, Lithuania, the Netherlands, Poland and the UK. The sandboxes are open to incumbent institutions, new entrants and other firms. Moreover, the sandboxes are not limited to a certain part of the financial sector; rather, they are cross-sectoral (e.g. banking, investment services, payment services and insurance).

How does a regulatory sandbox work exactly?

Typically, regulatory sandboxes involve several phases which can be described as (i) an application phase, (ii) a preparation phase, (iii) a testing phase and (iv) an exit or evaluation phase.

[Figure: Regulatory Sandbox]

In the following, we briefly describe the steps taken in each phase, either by the firm or by the competent authority.

Application phase

Firms interested in participating in a regulatory sandbox must submit an application to the competent authority. The applications received are judged by the competent authority against set, transparent, publicly available criteria. These criteria are, e.g., (i) the scope of the proposition, i.e. does the firm's business model to be tested in the regulatory sandbox involve regulated financial services, (ii) the innovativeness of the firm's proposition and (iii) the readiness of the firm to test its proposition. Whether the company is ready for a regulatory test phase in the sandbox is judged on the basis of whether or not the firm has, e.g., developed a business plan or obtained the appropriate software license.

Preparation phase

During the preparation phase, the competent authorities work with the firms deemed to be eligible to participate in the regulatory sandboxes to determine:

  • whether or not the proposition to be tested involves a regulated activity. If this is the case and the firm does not already hold the appropriate license, the firm will be required to seek the appropriate license in order to progress to the testing phase,
  • if any operational requirements need to be put in place to support the test (e.g. systems and controls, reporting),
  • the parameters for the test (such as number of clients, restrictions on serving specific clients, restrictions on disclosure),
  • the plan for the engagement between the firm and the competent authority during the testing phase.

Testing phase

The testing phase allows sufficient opportunity for the proposition to be fully tested and for the opportunities and risks to be explored. Throughout the testing phase, the firm is expected to communicate with the competent authority through a direct on-site presence, meetings, regulator calls or pre-agreed written reports. According to the ESAs' report, the supervision during the testing phase in a regulatory sandbox is experienced as more intense than the usual supervisory engagement by the competent authority outside the sandbox.

From the perspective of the competent authority, the value of the testing phase in the regulatory sandbox lies in the opportunity to understand the application of the regulatory framework with regard to the innovative proposition and in the opportunity to build in appropriate safeguards for innovative propositions, for example with regard to consumer protection considerations. For the firms, on the other hand, the value lies in gaining a better appreciation of the application of the regulatory scheme and supervisory expectations regarding the innovative propositions.

Evaluation phase

In the evaluation phase, the firm either submits to the authority a final report so that an assessment of the test can be carried out, or the competent authority will evaluate the success of the test by drawing on input provided by the firm. It should be noted that the test can be considered a success in many ways. Thus, a success is not only the result that the product can be successfully established on the market under the tested regulatory conditions, but also the recognition that a proposition cannot be viably brought to market in the light of the existing regulatory and supervisory obligations.

Why is there no regulatory sandbox in Germany?

Unlike in Denmark, Lithuania, the Netherlands, Poland and the UK, the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, BaFin) has not set up a regulatory sandbox in Germany. In the past, BaFin promoted the view that each market participant needs to observe all regulatory requirements. One of the reasons behind that was and is customer protection and the equal treatment of companies. BaFin cites the fact that the sandbox model promotes conflicts of interest as the main reason for this:[1] after all, how would a supervisor behave if a FinTech, which BaFin had previously taken care of in its sandbox, did not treat its customers the way it should?[2]


Regulatory sandboxes offer interested companies a good opportunity to test the products they develop under real regulatory conditions and in a supervisory environment specially tailored to innovative companies, and therefore to better understand all (regulatory) possibilities and risks of the innovative product. It should be emphasized, though, that regulatory sandboxes do not apply "supervision light"; rather, all regulatory requirements must be fulfilled, especially with regard to a required authorisation. However, precise testing under real regulatory conditions and close monitoring by the supervisory authority can provide companies with important insights into their innovative products.

