The Central Bank regulatory sandbox: A risk-appropriate response for Fintech start-ups in Rwanda
Monday, May 02, 2022
By testing new financial products and services in live environments, new regulations and guidance are informed by real-world instead of assumption. Net photo.

The evolving technology landscape and new technologies becoming more diverse and sophisticated have not spared the financial sector. Developers of technological financial products, services and business models and implantation mechanisms face various challenges particularly in the first days of their venture.

Risks associated with cybersecurity, data protection, service/systems interoperability, among others, compel the National Bank of Rwanda (the Central Bank) to continuously adopt responsive and risk-appropriate regulatory frameworks.

The BNR has recently adopted regulation No 41/2022 of 13/04/2022 governing the regulatory sandbox.

 Defined as a live, contained environment in which participants may test their product, service or solution, the sandbox aims at enabling developers of innovative financial products test the products in a live environment, as well as fostering responsible financial innovations that benefit financial consumers by improving the quality of, access to and usage of the financial products and services; and solutions to be deployed and tested in a live environment prior to launch into the market place.

It also informs BNR of which gaps need fixing before a license can be granted.

The sandbox regulation will enable the Central Bank to assess and manage emerging risks facing new financial products and services. It further provides an evidence base to shape potential suit of changes to the regulation of financial services. Broadly, the sandbox sits within the government policy to assist innovation, development and competition in Rwandan financial market.

The regulatory sandbox ensures that new products are licensed after analysing the interests of consumers as well as the market need. By testing new products in live environments, new regulations and guidance are informed by real-world instead of   assumption.

Under the regulation, an applicant seeking to participate in the regulatory sandbox must demonstrate that:

 •   The financial product, service or solution is genuinely innovative with clear potential;

•   The Innovative financial products and services as well as related solutions do not clearly correspond to products or services currently regulated under existing laws and regulations;

•     The Innovative financial products and services are those that are likely to fall under the supervisory scope of the Central Bank;

•  They have conducted an adequate and appropriate assessment to prove the usefulness and functionality of the product, service or solution and identified the associated risks;

An applicant wishing to participate in the regulatory sandbox must ensure that the purpose, scope and criteria specified are fully satisfied before submitting the proposal.

Furthermore, the applicant shall identify potential risks that may arise and communicate them to the customers. The applicant proposes appropriate safeguards to mitigate the identified risks as well.

The sandbox will enable participating developers to familiarise by the regulated business environment by live‐testing their products in a delimited setting with precise scope and scale, without attracting the full suite of regulatory requirements.

It is worth noting that once permitted to participate, participants in the sandbox testing must observe certain requirements. In this regard, article 12 of the regulation provides that the Central Bank requires participants to submit interim reports on the progress of the test, and the reports must include:

• key performance indicators, key milestones and statistical information; 

•   key issues arising as observed from fraud or operational incident reports; and 

•    Actions or steps taken to address consumer complaints, emergent risks, or other issues relevant to Central Bank’s assessment of applicable regulatory requirements.

The frequency of reporting and specifics to be included in interim reports are agreed upon between the Central Bank and the participant, and depends on the duration, complexity, scale and risks associated with the test. The participant must submit a final report to Central Bank within 30 days calendar before the expiry of the testing period. This final report must contain (1) key outcome and performance indicators against agreed measures for the success or failure; (2) a full account of all incident reports and resolution of customer complaints; and (3) in the case of a failed test, lessons learned from the test.

Applicants and/or participants need to be vigilant on all the requirements and requisite standards as the Central Bank reserves the right to regulatory sandbox approval. Article 16 of the above mentioned regulation provides that the Central Bank may revoke a participant’s regulatory sandbox approval and ask the participant for an early exit from the regulatory sandbox if, among other reasons, it determines that the intended test outcome as agreed is unlikely to be achieved.

To wrap up, regulatory sandboxes are generally not 100 % risk free. Precaution is key when designing regulatory sandboxes for them to be effective. Stakeholders and regulator must have some understanding on how new technologies work, and assess associated risks even before testing in a live environment to protect consumers and as well as business owners.

The writer is a banking and Finance lawyer and Senior Associate at CM Advocates.

Email:  jeanmarie@cmadvocates.rw