TMI BlogFramework for Regulatory SandboxX X X X Extracts X X X X X X X X Extracts X X X X ..... limited set of real customers for a limited time frame. These features shall be fortified with necessary safeguards for investor protection and risk mitigation. 4. The guidelines pertaining to the functioning of the Regulatory Sandbox are provided at Annexure A. This circular is being issued in exercise of powers conferred under Section 11 (1) of the Securities and Exchange Board of India Act, 1992 and Section 19 of the Depositories Act, 1996 to protect the interests of investors in securities and to promote the development of, and to regulate the securities market. Yours faithfully, Bithin Mahanta Deputy General Manager Division of Technology Cyber Security Market Regulation Department-1 Phone: +91-022-26449634 Email: [email protected] Annexure A A PPLICABILITY 1. All entities registered with SEBI under section 12 of the SEBI Act 1992, shall be eligible for testing in the regulatory sandbox. The entity may either on its own or engage the services of a FinTech firm. In either scenarios, the registered market participant shall be treated as the principal applicant, and shall be solely responsible fo ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... eafter, the application shall be forwarded to the relevant department of SEBI for processing. The flowchart for the application and approval process is depicted at Annexure-2 . SEBI shall communicate with the applicant during the course of evaluating the sandbox application, and during the testing phase. 5. At the Application Stage , SEBI shall review the application and inform of its potential suitability for a sandbox within 30 working days from the submission of the complete application. SEBI may issue guidance to the applicant according to the specific characteristics and risks associated with the proposed solution. SEBI may also consult its Committee on Financial and Regulatory Technologies (CFRT), if necessary, to evaluate the application. 6. At the Evaluation Stage , SEBI shall work with the applicant to determine the specific regulatory requirements and conditions (including test parameters and control boundaries) to be applied to the proposed solution in question. The applicant shall then assess if it is able to meet these requirements. If the applicant is able and willing to meet the proposed regulatory requirements and conditions, the applicant shal ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... nt the tests are deemed successful) or the exit strategy (in the event the tests are not successful) xiii. Any other factors considered relevant by SEBI R EGULATORY EXEMPTIONS 13. To encourage innovation with minimal regulatory burden, SEBI shall consider exemptions/ relaxations, if any, which could be either in the form of a comprehensive exemption from certain regulatory requirements or selective exemptions on a case-by-case basis, depending on the FinTech solution to be tested. 14.Within the overarching principles of market integrity and investor protection, no exemptions would be granted from the extant investor protection framework, Know-Your-Customer (KYC) and Anti-Money Laundering (AML) rules. 15. Entities desirous of participating in sandbox shall make an application, including exemption / relaxation being sought from relevant provisions of the applicable regulatory framework. 16. The registration granted by SEBI to all entities registered with SEBI under Section 12 of the SEBI Act, 1992 is activity based. An entity which is registered with SEBI for a particular activity is authorized to carry out activity in that domain. In order to ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... applicant shall ensure that before signing up, the user has read the full documentation provided by the applicant and confirm that he/she is aware of the risks of using the solution. 24. The applicant shall ensure that users participating in the sandbox have the same protection rights as the ones participating in the live market. E XTENDING OR E XITING THE S ANDBOX 25. At the end of the testing period, the permission granted to the applicant as well as the legal and regulatory requirements relaxed by SEBI, shall expire. 26. Upon completion of testing, i) SEBI shall decide whether to permit the FinTech innovation to be introduced in the market on a wider scale. Where allowed, participants intending to carry out regulated businesses shall be assessed based on applicable licensing, approval and registration criteria under various SEBI regulations, as the case may be. OR ii) The applicant may employ an exit strategy. OR iii) The applicant may request for an extension period to continue testing. 27. The applicant may exit the sandbox on its own by giving a prior notice to SEBI, in writing, of its intention t ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... he applicant a prior notice of its intention to revoke the approval; and iii. Provide an opportunity to the applicant to respond to SEBI on the grounds for revocation 33. Notwithstanding anything contained in the above para, where SEBI is satisfied that in the interest of the applicant, its users, the financial system or the public in general, it may revoke the approval immediately without prior notice and provide the opportunity to the participant to respond after the effective date of revocation. If the response is satisfactory, SEBI may reinstate the approval to participate in the sandbox. 34. Upon revocation of an approval, the participant must: i) Immediately implement its exit plan to cease the provision of the product, process, service or solution to new and existing users; ii) Notify its users about the cessation and their rights to grievance redressal, as applicable; iii) Comply with obligations imposed by SEBI to dispose of all confidential information including user s personal information collected over the duration of the testing; iv) Compensate any users who had suffered financial losses arising from the test in accordance with ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... purpose b. Key benefits to the users and markets c. Business Model, including asset deployment and sources of revenue d. Target users e. Compliance obligations f. Time period for testing 3.2 Summary of the technical solution including but not limited to: a. Technical architecture b. Usage of Artificial Intelligence and Machine Learning, if any c. Cyber resilience: VAPT results, if any d. Certification from Common Criteria Recognition Arrangement (CCRA), if any e. Business Continuity Plan, if any f. Any other certifications, if any 3.3 With respect to the genuineness of innovation, please provide an explanation as to how the solution constitutes a significantly different offering in the market place 3.4 Awareness of similar offering in other countries or for other than securities/commodities markets 3.5 Timelines for pan-India deployment post sa ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... in the production environment? Please provide the details 5.3 6. Deployment post-testing 6.1 Describe how the regulatory requirements will be met post successful sandbox testing 6.2 Please provide a pan-India deployment strategy, post successful sandbox testing 6.3 Please provide a clear strategy to monitor the outcomes in the live scenario 6.4 Please provide exit and transition strategy if the deployed solution turns unviable and the tests are unsuccessful 7. Relaxation of SEBI regulations and guidelines 7.1 Outline the list of rules, regulation, guidelines, circulars etc. of SEBI that, as per the applicant, may act as an impediment to the proposed FinTech solution, along with detailed rationale 7.2 Is SEBI to relax any specific regulat ..... X X X X Extracts X X X X X X X X Extracts X X X X
|