The Bangko Sentral ng Pilipinas (“BSP”) issued last 5 September 2022 BSP Circular No. 1153 (the “Circular”) which institutionalizes a regulatory sandbox framework to better evaluate entities under its regulatory purview that offer or use financial products/services utilizing emerging or new technology (such as, but not limited to, artificial intelligence/machine learning, Internet-of-Things (IoT), 5G, cloud and quantum computing, robotics process/business automation, and decentralized ledger technologies). As part of its “test-and-learn” approach, the BSP attempts to gain firsthand, evidence-based insights on how these emerging technologies operate, identify consequences and risks on usage and implementation, and how these technological solutions can be properly regulated without impeding innovation.
It may be recalled that last June 2021, the BSP, through Circular No. 1122, has initiated an open finance framework that has enabled access for third-party providers (“TPP”) to use customer’s financial information and data (subject to consent requirements and opt-out mechanisms). Consequently, TPPs can leverage on such data to better develop their financial technology (“Fintech”) products and services. The BSP, in the same circular, recommended the creation of a central sandbox to create an environment where these products can be deployed and tested within specified parameters and timeframes. Circular No. 1153 appears to build on this open finance framework by operationalizing the sandbox component of the BSP’s initiatives.
What is a Regulatory Sandbox?
Regulatory sandbox is defined under the Circular as “a controlled, time-bound, live testing environment, which may feature regulatory waivers xxx [that] involve limits or parameters within which [p]articipants must operate.” Broadly speaking, it allows Fintech providers the chance to test their products/services in a controlled environment – consisting of select groups of consumers with whom the Fintech providers may interact with – under the supervision of the BSP’s Sandbox Oversight Team. Those who wish to participate in the regulatory sandbox must first meet the eligibility standards under the Circular before they can be approved to become part of the sandbox activity.
Under the Circular, the applicants should meet the following criteria to be able to participate in the regulatory sandbox:
- The financial solution (1) uses new or emerging technology or utilizes an existing technology in an innovative manner or (2) bridges a market gap in the delivery of financial products/services. The financial solution must be supported by research that shall be part of the documents submitted to the BSP.
- The applicant must demonstrate its capability to deploy the proposed solution through a roll-out plan or strategy.
- The applicant shall provide an initial test plan, which includes test case scenarios and expected outcomes of the experiment.
- The applicant must be able to identify significant risks, including money laundering and terrorist financing risks, IT and cybersecurity, data integrity and data privacy, market acceptability, consumer protection, and project implementation/execution, relevant to the innovation and the corresponding proposed safeguards and risk mitigation strategies.
- The applicant must be able to identify Key Performance Indicators (“KPls”) or other metrics in monitoring the progress of the pilot implementation; and
- The applicant shall provide an acceptable exit and transition strategy once the experimentation is completed regardless of the outcome.
The BSP, in the course of its evaluation, reserves the right to reject an application based on the merits of the submitted documents and representations, without prejudice to the filing of a new application after a six (6)-month cooling off period.
Those who are eligible (the “Participants”) will be allowed to test their proposed innovation in accordance with the BSP-approved test plan which shall be suited to the features of the proposed innovation/solution. Specific regulatory requirements may be relaxed during the testing period in accordance with the test plan. Once the test plan is approved, the BSP will issue a Letter to Proceed with the Test Implementation. From there, the Testing Implementation Phase commences, with testing duration ranging from three (3) to twelve (12) months from the go-live date, depending on the complexity of the proposed solution. After the testing stage. a comprehensive evaluation of the whole experimentation shall take place as part of the exit procedures. The Participants must comply with the reportorial requirements mandated by the BSP to establish the necessary information final results of the experimentation.
Participants whose sandbox activities are assessed as successful and whose products or services are deemed fit for public consumption may apply to operate and offer for public use and consumption the proposed product or service that was subjected to the sandbox activity. The Sandbox Oversight Team shall endorse for approval the product or service that resulted in a successful sandbox testing. The pertinent requirements and processing timelines for the issuance of an authority to offer electronic products and financial services (“EPFS”) shall apply for this purpose. However, the approving authorities in the BSP reserve the right to approve or disapprove the proposed product or service despite the successful sandbox testing.
The regulatory sandbox is a step in the right direction towards an inclusive digital financial ecosystem in the Philippines. Hopefully, this bottom-up approach towards policy making will break down unneeded regulatory barriers (while still addressing the risks associated with the adoption of certain innovations), and further promote private and public sector partnerships.
This article is for informational and educational purposes only. It is not offered and does not constitute legal advice or legal opinion.
Juan Miguel C. Dela Cruz is an associate of the Corporate and Special Projects Department of Angara Abello Concepcion Regala & Cruz Law Offices (ACCRALAW).