The new rules also mandate compliance with the provisions of the Digital Personal Data Protection Act, 2023
The RBI has mandated entities to ensure adequate safeguards to prevent any personal data breach
First introduced in 2019, the framework aims to foster responsible innovation in the sector and enable fintechs to test innovative products
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
In a move expected to help fintech startups, the Reserve Bank of India (RBI) on Wednesday (February 28) released an updated framework for enabling regulatory sandbox (RS).
For the uninitiated, a sandbox enables entities to test their products or services under controlled, secure and regulated space without full compliance with the standard regulatory norms. This is especially helpful for fintechs testing innovative products.
“The framework has been revised based on the experience gained over the last four and half years in running four cohorts and feedback received from fintechs, banking partners and other stakeholders..,” the RBI said in a statement.
Under the updated rules, the central bank has revised the timeline of the various stages of the sandbox process to nine months from the earlier seven months. It said that the cohorts should “ordinarily be completed within nine months” excluding the preliminary screening period.
The RBI has also introduced an additional phase called “formulation of test design and integration” in the regulatory sandbox process. Under this, the RBI’s fintech department will finalise the test design and identify metrics for evaluating benefits and risks. The timeline for this phase has been set at 45 days.
The new rules also mandate compliance with the provisions of the Digital Personal Data Protection Act, 2023. It also directs applicants to build appropriate technical and organisational measures to ensure effective compliance with the data protection rules.
“The sandbox entity must process all the data, in its possession or under its control with regard to RS testing, in accordance with the provisions of Digital Personal Data Protection Act, 2023. In this regard, the sandbox entity should have appropriate technical and organisational measures to ensure effective compliance of the provisions of the Act and rules made thereunder,” the RBI added.
The central bank has also mandated entities to ensure adequate safeguards to prevent any personal data breach.
On the consumer protection front, the RBI has changed the fineprint of the rules to mandate the RS participants to explicitly seek user consent in a “language understood by the customer”. The previous iteration sought consent in a “local language”.
Another major takeaway of the rules is that entities will also be allowed to get into in-principle partnership arrangements with various “stakeholders” while applying for the sandbox.
“The cohort may also be theme neutral wherein innovative products/services/technologies cutting across various functions in RBI’s regulatory domain would be eligible to apply,” added the RBI.
Owing to the sharp rise in the number of startups working on innovative fintech solutions, the RBI first set up an inter-regulatory working group to review the regulatory framework for the fintech sector in 2016.
Two years later in 2018, the panel recommended the introduction of a framework for a regulatory sandbox to spur innovation and test new products. Eventually, the framework for enabling regulatory sandbox was first unveiled in 2019 after wide-ranging consultations with stakeholders.
As per RBI website, the initiative aims to foster responsible innovation in financial services, promote efficiency and bring benefits to consumers. The sandbox has incubated products such as Paytm Postpaid, ToneTag’s audio-based digital payments solutions, and Fincare Small Finance Bank’s biometric-based authentication system.
The updated framework comes close on the heels of the central bank’s crackdown on the fintech sector. Be it the curbs on Paytm Payments Bank or card networks such as Visa and Mastercard, some of the orders by the central bank in recent months have sent tremors across the fintech ecosystem.
As fintech stakeholders grew wary, finance minister (FM) Nirmala Sitharaman on February 26 met the founders of the ecosystem and allayed their concerns. The meeting was also attended by RBI deputy governor T Rabi Sankar.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.