Overview of Regulatory Sandbox Regimes in Australia, Hong Kong, Malaysia, Singapore, and the UK


Time to read

2 Minutes

Since the UK proposed its regulatory sandbox regime in November 2015, countries in the Asia Pacific region have been quick to follow suit. Regimes in Hong Kong, Malaysia and the UK have come into effect, and Australia and Singapore are expected to release final details of their regime soon.

This regulatory ‘safe space’ is commonly known amongst financial technology enthusiasts as a ‘regulatory sandbox’. At the most basic level, this sandbox creates an environment for businesses to test products with less risk of being ‘punished’ by the regulator. In exchange for more flexible standards, regulators tend to require applicants to incorporate appropriate safeguards in their testing models. These safeguards range from customer protection measures (eg, requiring informed consent), financial limits (eg, limiting the amount of money that can be invested by a customer), and various risk controls (eg, fraud detection, cyber security, etc).

Amongst the key drivers for a sandbox is the ability to facilitate innovation and competition, while ensuring that society can enjoy the benefits of innovative fintech offerings in a less risky environment.

A comparison of the different regimes

With the exception of Australia, applicants must generally fulfil the following minimum criteria to gain entry into the sandbox:

  • the product is innovative;
  • the product will benefit consumers; and
  • the applicant has considered, and will put in place, appropriate safeguards to manage risks and protect consumers.

As part of outlining the scope of their test, applicants will need to specify the expected timeframe for the test. This is important as certain regulators have specified a maximum timeframe for how long applicants can remain in a sandbox (eg, Malaysia) and issued guidance on what an ‘appropriate duration’ would be (eg, the UK). Also noteworthy is that certain regulators (eg, Malaysia and Singapore) require applicants to show that they intend to deploy the product in the respective country upon exit.

We also note that the Hong Kong sandbox regime is only open to institutions authorised under the Banking Ordinance and under the supervision of the Hong Kong Monetary Authority, ie, licensed banks, restricted licence banks, and deposit-taking companies. As such, non-authorised institutions will need to partner with authorised institutions to trial their fintech offerings.

Australia's proposal is for a conditional, industry-wide exemption to allow new Australian businesses to test certain financial services for six months without holding an Australian Financial Services (‘AFS’) licence. The exemption would only apply to: (i) giving financial advice in relation to listed or quoted Australian securities, simple managed investment schemes and deposit products; or (ii) arranging for other persons to deal with these products. Existing AFS licensees are not eligible to rely on the exemption.

We expect regimes to change over time as a consequence of feedback from the public and participants.

What next for fintech firms?

A regulatory sandbox is especially helpful for parties who want to bring their fintech products to the market but are grappling with regulatory uncertainty. Furthermore, entering into a sandbox offers opportunities to engage with regulators who in turn may use their increased insight and knowledge to create a more favourable environment for fintech firms.

While sandbox regimes around the world are still in the process of being finalised, we recommend that fintech firms take the opportunity now to:

  • consider whether there are any present avenues in the existing regulatory regime which will enable them to pursue their objectives; and
  • assess the different sandbox regimes so that if this turns out to be the best course of action for their business, they are ready to act once applications open (or, in the case of Australia, once the exemption commences).

This post is a summary of Herbert Smith Freehills’ briefing which can be found here. Since the publication of our briefing, the Monetary Authority of Singapore and Bank Negara Malaysia have completed their consultation processes and their regulatory sandbox frameworks became effective from 16 November and 18 October 2016, respectively. In light of feedback from the public, both regulators have updated their frameworks to clarify the eligibility criteria for entry into the sandbox. The UK's Financial Conduct Authority has also released details of the 18 firms that were successful in their applications to begin testing in the first cohort of the regulatory sandbox.

This post comes to us from Herbert Smith Freehills, and it has been authored by partners Will Hallatt, Damien Bailey, Siddhartha Sivaramakrishnan, Mark Robinson, and Karen Anderson.


With the support of