沙盒的想法最初来自英国前首席科学顾问Sir Mark Walport，他建议金融服务行业能够建立与健康和制药行业临床试验类似的机制，并认为这个机制能够让整个行业从中受益。金融行为监管局（FCA），具体来说是监管局下属的项目创新部门萌生了这个想法，并于2016年建立了第一个金融科技沙盒。沙盒自2016年成立以来已经接纳了89家公司，刚刚完成第五组的申请。
Last week Kuwait became the latest sandy territory to announce it was setting up a regulatory "sandbox" for fintech companies (following in the footsteps of similarly arenaceous Bahrain, Abu Dhabi, and Arizona, which earlier this year became the first place in the US to set one up).
A regulatory sandbox is a bit like a regular sandbox, except with no sand, no children, and no discernible fun. Instead, it is essentially a programme — normally running for several months — that allows early-stage fintech start-ups to test out their offerings in a limited market environment, under regulatory supervision, but without having to be fully licensed.
That might sound pretty harmless. In practice, it's not. Regulators' primary role is to protect consumers — often, ironically, precisely from the kind of "financial innovation" the companies in the sandbox are offering — and to safeguard financial stability. It is not regulators' job to provide start-ups with free marketing or any kind of stamp of approval, which is how they are often being used (more on that later).
Worryingly, there now appears to be a kind of race to the bottom among global regulators to set up the most "light-touch" possible regimes so as to attract start-ups to their jurisdictions — whether or not they are offering consumers and investors anything useful. Sandboxes are a part of that.
Consider, for example, the title of this email about the Arizona sandbox, sent to us back in September (if this is what they're sending to journalists, what are they sending to industry?) :
Arizona State Offering Regulation-free Access for UK Companies
"Regulation-free access"! What could possibly go wrong? Arizona has so far only signed up three participants in its regime. One of these is listed on the official website as "a financial service platform implementing an array of avante garde [sic] technologies".
Some are born great, some achieve greatness, and some get accepted into a fintech sandbox
The sandbox idea first came from Britain's former chief scientific adviser Sir Mark Walport, who suggested the financial services industry would benefit from having something equivalent to the clinical trials of the health and pharmaceutical sectors. The Financial Conduct Authority (FCA) — specifically its Project Innovate arm — jumped on the idea, setting up the first sandbox for fintechs in 2016. The sandbox has accepted 89 companies since its inception in 2016 and is just finished taking applications for its fifth cohort.
In the last cohort, almost half of the 29 firms' business models were based either crypto or blockchain. One of them was TokenCard, a company that last May boasted about raising $16.7m in "mere minutes" in an ICO. While fundraising, TokenCard made some outlandish claims that were adjusted once Alphaville started looking into them (you can read the full story here).
The FCA says the sandbox helps it understand new technologies — and any associated risks — before products hit the mass market, and that it helps start-ups to build in safeguards for consumers at an earlier stage than would otherwise have been the case. It also says it sees innovation playing an important role in driving more effective competition in Britain's financial services market.
But what it doesn't say is that one of the biggest reason firms want to be in their sandbox is the PR value it brings.
We frequently get sent press releases from fintech start-ups boasting that they have been "accepted" into the sandbox or that they have tested out a product under supervision while in the sandbox, as if that were some kind of endorsement.* "PRESS RELEASE: NorthRow selected for the FCA’s Regulatory Sandbox (July 4); "Release: Globacap issues world’s first blockchain equity-security tokens under the regulatory supervision of the UK Financial Conduct Authority" (September 6).
A recent Deloitte survey of current and past participants in the FCA's sandbox found that most firms see it as a "badge of honour" and believe acceptance increased their credibility with both customers and investors. That's a problem.
Anna Wallace, the head of the FCA's Project Innovate, told us:
The regulatory sandbox is not a stamp of approval. We’ve been very clear about that since conception. It is a place to test things out in a safe environment.
She also told us, however, that the sandbox helped young firms attract investment, and that about 40 per cent of start-ups that went through the sandbox had got investment either during or after the programme. Sounds like quite good PR to us.
Why doesn't the FCA instead provide confidential guidance — rather than putting out a press release each time it announces a new cohort — so that the sandbox isn't exploited as PR? Wallace told us:
For us as a regulator the parallel is the fact that we have a transparent register of firms that are authorised by us as the FCA. So we saw no reason to take a different approach with the regulatory sandbox
New ideas are not always good ideas
But so what if the sandbox is being used as publicity and a means to get investment? If it's helping the FCA understand new technologies, what's the problem?
Firstly, it's not helping the FCA understand that technology on any kind of scale. By limiting the amount of customers and money start-ups are allowed to work with, how can the regulator possibly understand whether this could pose any kind of risks to the stability of the system as a whole?
Secondly, the fact that start-ups think they're being seen as more legit after they've been through the sandbox means they probably are being seen as more legit. We've seen the kind of problems that the "disruptive technology" that is crypto — and in particular the ICO market — can lead to, but that's just the start of it. Financial innovation, even if it starts off with good intentions, often leads to disaster.
As Martin Walker, director for banking and finance at the Center for Evidence Based Management, pointed out to us (hyperlinks our own):
Some of the most high-impact financial innovations of recent years included PPI, NINJA mortgages and CDO-squared.
Thirdly, not all regulators are born equal. The FCA might be conducting rigorous testing in its sandboxes, but that doesn't mean other regulators are doing so. Among those jurisdictions that have either implemented or announced fintech sandboxes are Russia, Indonesia, Jersey and Sierra Leone. Walker again:
The concept becomes really dangerous if applied by some of the more disreputable offshore centres or regulators in more naive jurisdictions.
The States appears to be the only place, so far, that has seen any pushback on any of this. After the US's federal Consumer Financial Protection Bureau (CFPB) announced that it too would be setting up a fintech sandbox over the summer, a coalition of 50 public-interest groups wrote a letter to the bureau, saying such a programme could put consumers at risk. Here's an excerpt:
As with some other proposals for fintech “sandboxes,” vague promises of the benefits of innovation and industry claims about the constraints or uncertainties of existing regulations do not justify special treatment or waiver of consumer protection rules for favored companies or industries.
One of the groups, the National Consumer Law Center, added:
The CFPB is exceeding its authority under the law that created the agency and would set a dangerous precedent with its “disclosure sandbox” policy, its label for granting companies exemptions from disclosure rules. Instead of conducting limited, carefully drawn trials of model disclosures that could improve consumer understanding, the CFPB would allow firms to obfuscate or eliminate important information in the name of “financial innovation,” a label that was often applied to defend practices in mortgage lending that led to the 2008 crisis.
Indeed. Regulators need to make sure they are protecting consumers, and not getting lost in the "financial innovation" quicksands.