Securities and Exchange Board of India
CIRCULAR
SEBI/HO/ITD/ITD/CIR/P/2021/575
June 14, 2021
To,
All Stock Exchanges, Clearing Corporations and Depositories
All Intermediaries
Dear Sir/Madam,
Subject: Revised Framework for Regulatory Sandbox
1. With the intent to promote innovation in the securities market, SEBI had issued framework for Regulatory Sandbox vide circular no.: SEBI/HO/MRD-1/CIR/P/2020/95 dated June 05, 2020.
2. In order to enhance the reach and achieve the desired aim, the eligibility criteria of the Regulatory Sandbox is revised.
3. The Objective of Regulatory Sandbox: To grant certain facilities and flexibilities to the entities regulated by SEBI so that they can experiment with FinTech solutions in a live environment and on limited set of real users for a limited time frame.
4. The updated guidelines pertaining to the functioning of the Regulatory Sandbox are provided at Annexure A.
This circular is being issued in exercise of powers conferred under Section 11 (1) of the Securities and Exchange Board of India Act, 1992 and Section 19 of the Depositories Act, 1996 to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.
Yours faithfully,
Mridusmita Goswami
General Manager
Information Technology Department
Phone: +91-022-26449504
Email: mridusmitag@sebi.gov.in
Annexure A- Standard Operating Procedure – Regulatory Sandbox
APPLICABILITY
1. All entities registered with SEBI under section 12 of the SEBI Act 1992, shall be eligible for testing in the regulatory sandbox. The entity may apply either on its own or in partnership with any other entity. In either scenarios, the registered market participant shall be treated as the principal applicant, and shall be solely responsible for testing of the solution.
STAGES OF SANDBOX TESTING
2. The details of the stages of sandbox testing are as below:
2.1. Stage–I: SEBI will approve the limited set of users as proposed by the applicant for testing in Stage-I. During the stage-I testing, applicant shall use limited and identified set of users with maximum cap on users based on the requirement of the applicant duly approved by SEBI on case to case basis. These users will be required to provide positive consent including their understanding of the risks of using the solution.
2.2. Stage–II: During the stage-II testing, applicant shall test with larger set of identified users with maximum cap on users based on the requirement of the applicant duly approved by SEBI on case to case basis. These users will be required to provide positive consent including their understanding of the risks of using the solution.
ELIGIBILITY CRITERIA FOR THE PROJECT
3. Stage-I Eligibility Criteria: The Stage-I eligibility criteria shall be as follows:
3.1. SEBI Registration: The applicant should be an entity registered with SEBI under section 12 of the SEBI Act 1992. The entity may apply either on its own or in partnership with any other entity. In either scenario, the registered market participant shall be treated as the principal applicant, and shall be solely responsible for all aspects of participation in the Regulatory Sandbox.
3.2. A. Genuine need to test: The applicant should have a genuine need for live testing the solution on real users. The applicant should provide justification that testing in test environment with test data is not enough.
B. Genuine need for relaxation: The applicant should provide justification that the solution cannot be deployed without relaxations in certain regulations being sought.
3.3. Compliance to the objective of the Regulatory Sandbox: The solution should be pertaining to the securities market and should be either new innovative solutions or a solution for performing existing services in better way by improving the existing processes or facilitating inclusion.
3.4. Benefits to users: The solution should offer identifiable benefits (direct or indirect) to the users and/or to the securities market as a whole.
3.5. Testing readiness of the solution: The applicant should have necessary resources to support testing in the sandbox and must demonstrate well developed testing plans with clear objectives, parameters and success criteria.
3.6. Safeguards to mitigate potential risks to the financial system: The solution should have proper risk management strategy to incorporate appropriate safeguards to mitigate and control potential risks to any market participants/users that may arise from the testing of the solution and shall propose appropriate safeguards to manage the risks and contain the consequences of failure.
4. An applicant is eligible for Stage-II after completing minimum 90 days in the Regulatory Sandbox testing.
5. Stage- II Eligibility Criteria: The Stage-II criteria shall be as follows:
5.1. Adequate Progress: The applicant should demonstrate that they have achieved adequate progress and are on track with their testing plan.
5.2. Compliance to the objective of the Regulatory Sandbox: The applicant should provide justification that they are complying with the objective of the Regulatory Sandbox.
5.3. Reviews of the Risks observed during Stage-I testing: The applicant should submit the details of the risks observed during stage-I testing along with the steps taken to mitigate those risks.
5.4. Safeguards to mitigate potential risks: The applicant should provide the list of appropriate safeguards to manage the risks and contain the consequences of failure.
5.5. Users feedback: The applicant should present summary of the feedback received from the users participated during stage-I of the Regulatory Sandbox testing highlighting the adverse feedbacks and steps taken to address the same.
5.6. Deployment post-testing: The applicant should present the intention and ability to deploy the solution on a broader scale. To this effect the applicant should share a proposed sandbox exit strategy.
APPLICATION AND APPROVAL PROCESS
6. The applicant shall ensure that the specified eligibility criteria are satisfied while submitting the application as per Annexure-1 to SEBI. The application form shall be signed by the Chief Executive Officer (CEO) of the applicant or officer duly authorized by the CEO or compliance officer. The complete application must be submitted to:
Chief General Manager,
Information Technology Department,
SEBI Bhavan, Plot No. C4-A, G-Block, Bandra Kurla Complex,
Bandra (E), Mumbai – 400051
Or
By email at regulatorysandbox@sebi.gov.in
7. Thereafter, the application shall be forwarded to the relevant department of SEBI for processing. SEBI shall communicate with the applicant during the course of evaluating the sandbox application, and during the testing phase. The status of the applications shall be published on SEBI website.
8. At the “Application Stage”, SEBI shall review the application and inform of its potential suitability for a sandbox preferably in 30 working days from the submission of the complete application and further information as desired by SEBI. SEBI may issue guidance to the applicant according to the specific characteristics and risks associated with the proposed solution. SEBI may also consult its Committee on Financial and Regulatory Technologies (CFRT) or Regulatory Sandbox Sub-committee, if necessary, to evaluate the application.
9. At the “Evaluation Stage”, SEBI shall work with the applicant to determine the specific regulatory requirements and conditions (including test parameters and control boundaries) to be applied to the proposed solution in question. The applicant shall then assess if it is able to meet these requirements. If the applicant is able and willing to meet the proposed regulatory requirements and conditions, the applicant shall be accepted in Stage-I and granted permission to develop and test the proposed Innovative solution(s) in the sandbox.
10. Upon approval, the applicant shall apply for the limited certificate of registration of that particular category of intermediary for which the applicant seeks to test the innovative solution along with a token fees of Rs 10,000.
11. SEBI shall review and approve the application and allot a registration number to the applicant with the validity of maximum of 12 months.
12. Once registration is allotted to the applicant, the application shall proceed towards the “Stage- I Testing Stage”. The applicant shall disclose to its users that the solution shall operate in a sandbox and the potential key risks associated with the solution. The applicant is also required to obtain the users’ positive consent that they have read and understood the risks before any transactions separately for both Stage-I and Stage-II.
13. During the Stage-I testing stage, the applicant shall take prior approval from SEBI to effect any material changes to the solution.
14. The applicant shall assign a contact person to coordinate with a designated officer of SEBI.
15. An applicant is eligible for Stage-II after completing minimum three (3) months in the Regulatory Sandbox testing.
16. If applicant wishes to apply for Stage-II, the applicant should submit the application as per Annexure-2 to SEBI.
17. The application shall be evaluated on the eligibility criteria mentioned for Stage-II. Applicants may be required to make a presentation to the Regulatory Sandbox subcommittee either physical or through online mode.
18. If approved, applicant enters stage-II of Sandbox testing: Applicant shall be able to test on users with maximum cap on users based on the requirement of the applicant duly approved by SEBI. These users will be required to provide positive consent including their understanding of the risks of using the solution.
19. The applicant must submit monthly reports as mentioned in the Section: “SUBMISSION OF TEST RELATED INFORMATION AND REPORTS”. These monthly reports would be reviewed by SEBI. If the progress of the applicant is not satisfactory then, SEBI may revoke the approval to participate in the sandbox.
20. The total duration of the sandbox testing stage (including Stage-I and Stage-II) shall be a maximum of twelve (12) months and extendable upon request of the applicant duly approved by SEBI.
21. In case an application is rejected at any stage, the applicant shall be informed accordingly. The reasons for rejection could include failure to meet the objective of the sandbox or any of the eligibility criteria. The applicant may re-apply for the sandbox when it is ready to meet the objective and eligibility criteria of the sandbox, subject to an appropriate cooling off period as decided by SEBI.
EVALUATION CRITERIA
22. The applicant may be evaluated using a scoring process by SEBI, inter alia, based on the parameters given below:
22.1. STAGE-I Evaluation Criteria:
22.1.1. Profile of the applicant
22.1.2. Genuine need to test
22.1.3. Genuine need for relaxation
22.1.4. Solution should be either new solution or improvement in the existing processes
22.1.5. Identified benefits to the users and/or the securities/commodities markets
22.1.6. Compilation of meaningful test scenarios and expected/desired outcomes
22.1.7. Risk measured/graded testing conditions and parameters so as to
ensure safety and protection of the markets/users
22.1.8. Risk mitigation for high risk testing conditions and parameters
22.1.9. Appropriate disclosure requirements and protection to their users 22.1.10. Clearly defined grievance redressal mechanism and user rights 22.1.11. Adequate disclosure of the potential risks to participating users 22.1.12. Prior confirmation from users that they fully understand and accept the attendant risks
22.1.13. Intent and feasibility to deploy the proposed Innovative solution post testing
22.1.14. The withdrawal strategy (in the event the tests are not successful) including for participating users
22.1.15. Any other factors considered relevant by SEBI
22.2. STAGE- II Evaluation Criteria:
22.2.1. Applicant has achieved adequate progress in stage –I testing
22.2.2. Review of the risks observed during stage –I testing
22.2.3. Review of the steps taken to mitigate the risks
22.2.4. Appropriate safeguards to manage the risks and contain the consequences of failure
22.2.5. User feedback during stage-I testing
22.2.6. Intent and feasibility to deploy the proposed Innovative solution post testing
22.2.7. The deployment and monitoring strategy post testing (in the event the tests are deemed successful) or the withdrawal strategy including for participating users (in the event the tests are not successful)
REGULATORY EXEMPTIONS
23. To encourage innovation with minimal regulatory burden, SEBI shall consider exemptions/ relaxations, if any, which could be either in the form of a comprehensive exemption from certain regulatory requirements or selective exemptions on a case-by-case basis, depending on the Innovative solution to be tested.
24. Within the overarching principles of market integrity and investor protection, no exemptions would be granted from the extant investor protection framework, Know-Your-Customer (KYC) and Anti-Money Laundering (AML) rules.
25. Entities desirous of participating in sandbox shall make an application, including exemption / relaxation being sought from relevant provisions of the applicable regulatory framework.
26. The registration granted by SEBI to all entities registered with SEBI under Section 12 of the SEBI Act, 1992 is activity based. An entity which is registered with SEBI for a particular activity is authorized to carry out activity in that domain. In order to enable the cross domain testing of innovative solutions, an existing registered entity would be required to first obtain a limited certificate of registration for the category of intermediary for which it seeks to test the Innovative solution(s).This concept of limited registration shall facilitate the entities to operate in a Regulatory Sandbox without being subjected to the entire set of regulatory requirements to carry out that activity.
27. Accordingly, regulatory relaxations from various SEBI regulations may be provided after analyzing specific sandbox testing applications. A reference list is given at Annexure-3 with examples of the regulatory requirements that will be mandatory and those for which SEBI may consider granting relaxation during the sandbox testing.
28. SEBI has notified SEBI Regulatory Sandbox (Amendment) Regulations, 2020 so as to enable the grant of relaxation(s)/exemption(s), as may be deemed fit, while granting such limited certificate of registration.
SUBMISSION OF TEST RELATED INFORMATION AND REPORTS
29. The Sandbox applicant must submit project plan along with the Application Form for participation in Regulatory Sandbox. The project plan shall include timelines and milestones of major activities.
30. During the testing period (both Stage-I and Stage-II), SEBI may require the applicant to submit information/reports on monthly basis including:
i) Key performance indicators, milestones and statistical information
ii) Key issues arising as observed from fraud or operational incident reports
iii) Actions or steps taken to address the key issues identified above
iv) Any other information relevant to SEBI.
31. The sandbox applicants must submit a final report containing the following information to SEBI within 30 calendar days from the expiry of the Stage-II testing period:
i) Key outcomes, key performance indicators against agreed measures for the success or failure of the test and findings of the test
ii) A full account of all incident reports and resolution of user complaints, if any
iii) Key learnings from the test
32. The monthly and final reports must be confirmed by the Chief Executive Officer (CEO) of the applicant or officer duly authorized by the CEO or the compliance officer.
33. The sandbox applicant must ensure that proper records of the conducted tests are maintained for review by SEBI. Further, the applicant shall also maintain such records for a period of three (3) years from the date of completion of testing/ exit from the sandbox.
OBLIGATIONS OF THE APPLICANT TOWARDS THE USER
34. The applicant shall ensure that before signing up, the user has read the full documentation provided by the applicant and confirm that he/she is aware of the risks of using the solution and if asked by SEBI, submit the user consent form in the format prescribed in Annexure-4.
35. Right of the users participating in the sandbox:
35.1. The applicant shall ensure that users participating in the sandbox have the same protection rights as the ones participating in the live market except for the specific provisions mentioned in the user consent form and relaxations granted under regulatory sandbox.
35.2. The applicant shall take liability / indemnity insurance of an adequate amount and period to safeguard the users participating in the sandbox. The adequacy of indemnity cover shall depend on determination of the maximum liability based on, among others, (i) maximum exposure to a single user (ii) the number of claims that could arise from a single event (potential for multiple claims); and (iii) number of claims that might be expected during the policy period. The policy cover shall begin with the start of testing stage and end three months after exit of the sandbox entity from the regulatory sandbox.
35.3. Users shall have the right to revoke the consent.
35.4. In case of exit by some users, the applicant may take additional users within the permissible cap of users.
36. The applicant should publish clearly defined grievance redressal mechanism to address any of the grievances of the users participating in the sandbox.
37. The users may also use SEBI Complaint Redressal System (SCORES) for registering their grievances/ complaints.
EXITING AND WITHDRAWING FROM THE SANDBOX
38. The applicant is required to submit exit strategy which would be applicable during successful testing and withdrawal strategy which would be applicable during unsuccessful testing as per below:
38.1. Exit Strategy: The applicant shall provide exit strategy which shall be applicable in the event of successful testing. This shall incorporate the post-testing strategy and deployment of the solution on a broader scale. The exit strategy shall include following:
38.1.1. Process of notification to the existing users of the completion of the sandbox testing and informing them on the necessary steps to be taken.
38.1.2. Proposed steps for deployment of the solution on a broader scale.
38.1.3. How the current position of the existing users shall be taken care while migrating to live environment.
38.1.4. The applicant needs to mention what regulatory changes are expected to enable the applicant to launch their solution in the live market post completion of the sandbox testing.
38.2. Withdrawal Strategy: The applicant shall provide withdrawal strategy which shall be applicable in the event the tests are not successful or applicant wants to discontinue the sandbox testing or SEBI revokes the approval to participate in the sandbox as per the” Revocation of the Approval” clause of this document. The withdrawal strategy shall include following:
38.2.1. Process of notification to the existing users regarding the termination of the sandbox testing and informing them on the necessary steps to be taken.
38.2.2. Settling/ transferring etc. of the current position of the existing users within 15 days of the initiation of the withdrawal strategy, as may be applicable.
38.2.3. Refund of any dues to the existing users within 15 days of the initiation of the withdrawal strategy.
39. At the end of the Stage-II testing period, the permission granted to the applicant as well as the legal and regulatory requirements relaxed by SEBI, shall expire.
40. Upon completion of testing,
i) SEBI shall decide whether to permit the innovation to be introduced in the market on a wider scale. Where allowed, applicants intending to carry out regulated businesses shall be assessed based on applicable licensing, approval and registration criteria under various SEBI regulations, as the case may be.
41. The applicant may withdraw from the sandbox on its own by giving a prior notice to SEBI, in writing, of its intention to withdraw from the sandbox.
42. The applicant shall ensure that any existing obligation to the users of the Innovative solution(s) in the sandbox are completely fulfilled or addressed before withdrawing from the sandbox or before discontinuing the sandbox testing.
43. The applicant is required to maintain records of acknowledgement of all its users stating that all the obligations towards the users have been met. These records shall be maintained by the applicant for a period of three (3) years from the date of withdrawal from the sandbox.
REVOCATION OF THE APPROVAL
44. SEBI may revoke an approval, to participate in the sandbox, at any time before the end of the testing period, if the applicant:
i) Fails to carry out risk mitigants.
ii) Submits false, misleading or inaccurate information, or has concealed or failed to disclose material facts in the application
iii) Contravenes any applicable law administered by SEBI or any applicable law in India or abroad
iv) Unsatisfactory progress
v) Suffers a loss of reputation
vi) Undergoes or has gone into liquidation
vii) Compromises the digital security and integrity of the service or product or elevates the risk of a cyber-security attack
viii) Carries on business in a manner detrimental to users or the public at large
ix) Fails to effectively address any technical defects, flaws or vulnerabilities in the product, service or solution which gives rise to recurring service disruptions or fraudulent activities
x) Fails to implement any directions given by SEBI
xi) Not in the interest of users or securities market
xii) Fails to adhere to the general requirements of Market Infrastructure Institutions (MIIs) etc.
45. In addition to revocation of approval for participating in the sandbox, appropriate actions under relevant regulatory framework may be initiated against the applicant in case solution provided by the applicant under the regulatory sandbox framework facilitates the following:
i) Undermining of Know Your Customer (KYC) principles
ii) Violation of users’/investors’ privacy
iii) Promotion/ facilitation of sale of fraudulent/illegal products or services
iv) Promotion/ facilitation of mis-selling of products or services
v) Violation of Anti-Money Laundering (AML) norms
vi) Creation of risk to market integrity
vii) Theft of intellectual property
viii) Not in the interest of users/ investors or securities market
46. If SEBI proposes to revoke the approval granted to an applicant to participate in the sandbox, then SEBI shall:
i. immediately suspend trials on new users i.e. not permitting new users to sign up for using/ testing the solution and give a notice to the applicant of the intention of SEBI to revoke the approval detailing the grounds for such an intention;
ii. provide an opportunity to the applicant to respond to SEBI on the grounds for revocation; and
iii. dispose of the notice through a speaking order.
47. Notwithstanding anything contained in paragraph 46 above, where SEBI is satisfied that in the interest of the applicant, its users or the securities market, revocation is necessary, it may revoke the approval immediately and issue a notice of revocation containing grounds for revocation, after the effective date of revocation. If the response of the applicant is found to be satisfactory, then SEBI may reinstate the approval and allow the applicant to continue participating in the Regulatory Sandbox.
48. Upon revocation of an approval, the applicant must:
i) Immediately implement its withdrawal plan to cease the provision of the product, process, service or solution to new and existing users;
ii) Notify its users about the cessation and their rights to grievance redressal, as applicable;
iii) Comply with obligations imposed by SEBI to dispose of all confidential information including user’s personal information collected over the duration of the testing;
iv) Submit a report to SEBI on the actions taken, within 30 days from the revocation;
v) Comply with any other directions given by SEBI.
***
ANNEXURE 1
REGULATORY SANDBOX APPLICATION FORM – STAGE- I:
| 1. Applicant’s Information | ||
| Sr. No. | Description | Response |
| 1.1 | Name of the Entity/ Organization | |
| 1.2 | SEBI Registration no. | |
| 1.3 | Name of the Authorized Representative | |
| 1.4 | Designation | |
| 1.5 | Contact No | |
| 1.6 | Email id | |
| 2. Details of other entity involved, if any | ||
| 2.1 | Provide a brief description of other entity and its core businesses including but not limited to:
a. registration with other regulators, b. affiliation to prominent societies, c. Accreditations, d. significant achievements e. financial standing including avenues for funding f. Profile of key personnel |
|
| 2.2 | Does the entity has a presence in India? If yes then please provide details. | |
| 2.3 | Is the entity’s business is already active abroad? If yes then please provide details. | |
| 2.4 | Current orders or proceedings against the entity in India and abroad (if any) | |
| 3. About the proposed solution | ||
| 3.1
|
Provide a short summary of the proposed solution to be tested in the sandbox including but not limited to:
a. Objective of the proposed Innovative solution or the statement of purpose b. Key benefits to the users and markets c. Business Model, including asset deployment and sources of revenue d. Target users e. Compliance obligations f. Time period for testing g. Compliance to the objective of the Regulatory Sandbox |
|
| 3.2 | Summary of the technical solution including but not limited to:
a. Technical architecture b. Usage of Artificial Intelligence and Machine Learning, if any c. Cyber resilience: VAPT results, if any d. Certification from Common Criteria Recognition Arrangement (CCRA), if any e. Business Continuity Plan, if any f. Any other certifications, if any |
|
| 3.3 | With respect to the genuine need to test , please provide why testing in test environment with test data is not enough and it is required to test the solution on real users on live environment | |
| 3.4 | Awareness of similar offering in other countries or for other than securities/commodities markets | |
| 4. Sandbox readiness | ||
| 4.1 | Illustrate the aspect of the Innovative solution that will be tested | |
| 4.2 | The test criteria and expected outcomes | |
| 4.3 | Describe the use case that will be tested in the sandbox | |
| 4.4 | Define success for a test and the Key Performance Indicators that will indicate a successful test | |
| 4.5 | Probable start and end date of sandbox testing | |
| 4.6
|
Details of users including but not limited to:
a. Maximum number of participating users b. Profile of users (retail, institutional, etc.) c. Process for enrollment and acquisition of users d. Requirement of KYC e. User awareness required/conducted f. Whether consent required /has consent been obtained g. Arrangements to limit loss if applicable e.g. Margin, stop loss thresholds etc. h. User compensation if any i. Value at risk per user j. Transaction thresholds per user |
|
| 4.7 | Risk assessment and mitigation options including but not limited to:
a. Failure of sandbox testing b. Financial loss to the users c. Cyber attack d. AML and terrorism financing |
|
| 4.8 | Any instance of a legal and regulatory non-compliance for any other regulator during the sandbox testing | |
| 5. Legal and Regulatory Assessment: other regulators | ||
| 5.1 | Legal and regulatory status (registration, licensing, authorization, approval, recognition etc.) | |
| 5.2 | Legal opinion sought on the proposed Innovative solution, if any | |
| 5.3 | Relevant license to deploy the proposed solution in the production environment? Please provide the details | |
| 6. Deployment post-testing | ||
| 6.1 | Describe how the regulatory requirements will be met post successful sandbox testing | |
| 6.2 | Please provide a pan-India deployment strategy, post successful sandbox testing | |
| 6.3 | Please provide a clear strategy to monitor the outcomes in the live scenario | |
| 6.4 | Please provide withdrawal strategy if the deployed solution turns unviable and the tests are unsuccessful including action plan for participating users who had joined the sandbox | |
| 7. Relaxation of SEBI regulations and guidelines | ||
| 7.1 | Outline the list of rules, regulation, guidelines, circulars etc. of SEBI that, as per the applicant, may act as an impediment to the proposed Innovative solution, along with detailed rationale | |
| 7.2 | Is SEBI to relax any specific regulatory requirements, for the duration of the sandbox? Please provide the details along with detailed rationale | |
| 7.3 | In the event of a successful test and before exit from the sandbox, provide details on how SEBI’s regulatory requirements shall be complied with. | |
| 7.4 | The applicant needs to mention what regulatory changes are expected to enable the applicant to launch their solution in the live market post completion of the sandbox testing. | |
Enclosures with Annexure- 1:-
1. Copy of Certificate of SEBI Registration.
2. Letter of undertaking that the applicant is not blacklisted or debarred by any Govt. department due to breach of general or specific instructions, corrupt or fraudulent or any other unethical business practices.
3. Letter of undertaking declaring that the applicant accept that in case of any violation as detailed under clause 45 of the Regulatory Sandbox framework circular, SEBI may initiate appropriate action against the applicant such as debarment, monetary penalty, prosecution etc.
4. Project Plan including timelines and milestones of major activities.
5. Positive consent of users who would be participating in the sandbox testing as per the format prescribed in Annexure-4.
ANNEXURE -2
REGULATORY SANDBOX APPLICATION FORM: STAGE -II
| 1. Applicant’s Information | ||
| Sr. No. | Description | Response |
| 1.1 | Name of the Organization | |
| 1.2 | SEBI Registration no. | |
| 1.3 | Name of the Authorized Representative | |
| 1.4 | Designation | |
| 1.5 | Contact No | |
| 1.6 | Email id | |
| 1.7 | Date of Submission of Application Form for STAGE-I | |
| 2. About the proposed solution | ||
| Sr. No. | Description | Response |
| 2.1 | Please submit the details of the risks observed during Stage-I testing along with steps taken to mitigate those risks | |
| 2.2 | Please provide the adverse feedback received from the users participated during Stage-I and steps taken to address the same | |
| 3. Sandbox readiness during Stage-II | ||
| Sr. No. | Description | Response |
| 3.1 | The test criteria and expected outcomes | |
| 3.2 | Describe the additional use case that will be tested in the sandbox based on the learning from Stage-I testing | |
| 3.3 | Define success for a test and the Key Performance Indicators that will indicate a successful test | |
| 3.4 | Probable start and end date of sandbox testing | |
| 3.5 | Details of users including but not limited to:
a. Number of participating users b. Profile of users (retail, institutional, etc.) c. Process for enrollment and acquisition of users d. Requirement of KYC e. User awareness required/conducted |
|
| f. Whether consent required /has consent been obtained
g. Arrangements to limit loss if applicable e.g. Margin, stop loss thresholds etc. h. User compensation if any i. Value at risk per user j. Transaction thresholds per user |
||
| 3.6 | Risk assessment and mitigation options including but not limited to:
a. Failure of sandbox testing b. Financial loss to the users c. Cyber attack d. AML and terrorism financing |
|
| 4. Deployment post-testing | ||
| 4.1 | Describe how the regulatory requirements will be met post successful sandbox testing | |
| 4.2 | Please provide a pan-India deployment strategy, post successful sandbox testing | |
| 4.3 | Please provide a clear strategy to monitor the outcomes in the live scenario | |
| 4.4 | Please provide withdrawal strategy if the deployed solution turns unviable and the tests are unsuccessful including action plan for participating users who had joined the sandbox | |
Enclosures with Annexure- 2:-
1. Positive consent of users who would be participating in the sandbox testing as per the format prescribed in Annexure-4.
ANNEXURE -3
REQUIREMENTS WHICH WILL NOT BE RELAXED AND WHICH MAY MERIT RELAXATION (FOR ILLUSTRATIVE PURPOSE)
a. Requirements for which relaxation will not be considered
i. Fit and proper criteria of applicant and partner
ii. Principles of KYC of clients
iii. Prevention of money laundering and countering the financing of terrorism
iv. Confidentiality of customer/user information
v. Risk checks (like price check, order value check, etc.)
vi. Handling of user’s moneys and assets by intermediaries beyond the existing regulations
b. Requirements that may merit relaxation
i. Net worth of applicant
ii. Financial soundness of applicant
iii. Track record of applicant
iv. Registration fees
v. SEBI Guidelines, such as technology risk management guidelines and outsourcing guidelines
ANNEXURE -4
USER CONSENT FORM FOR PARTICIPATING IN THE REGULATORY SANDBOX
Organization Name [Sandbox Applicant]: ______________________________________
Name of the user participating in the Sandbox testing: ______________________________________
1. I hereby agree to participate in the sandbox testing conducted by the abovementioned sandbox applicant.
2. I have been fully informed about the purpose of the test.
3. I have read the full documentation provided by the sandbox applicant and confirm that I am aware of the risks of using the solution and know that I may lose my investment.
4. I am also aware that my participation in the testing will be only till the approved duration of the sandbox testing and SEBI may revoke approval to participate sandbox testing as per “Revocation of the Approval” clause of the Standard Operating Procedure of the Regulatory Sandbox.
5. I understand that participation in this sandbox testing is voluntary.
6. I also confirm that the applicant has published and I have read and agreed to the grievance redressal mechanism to address any of the grievances which I might have, related to participating in the sandbox.
7. I note that certain exemptions have been given to the sandbox applicant under regulatory sandbox which limits my level of protection in the market.
8. I have read and understood the exit and withdrawal strategy proposed by the applicant which shall be applicable in the event of successful and unsuccessful testing.
9. I understand and agree that in the event of any claim for financial loss or damages arising from participating in the sandbox testing, I shall pursue the same only against the applicant before the appropriate forum or court of law.
10. I understand and agree that I can revoke my consent during the middle of testing.
By signing below I acknowledge that:
I have fully understood the above mentioned statements and give my consent for participation in the Regulatory Sandbox testing.
Signature of the User: ______________________________ Date:______
