RBI Revises Norms Related to Regulatory Sandbox

Mumbai: The Reserve Bank of India (RBI) on Wednesday revised the framework for Regulatory Sandbox (RS) scheme under which participating entities will have to comply with digital personal data protection norms. The central bank also extended the timeline of the various stages of the RS from seven months to nine months. 

“The framework (for RS) has been revised based on the experience gained over the last four and a half years in running four cohorts and feedback received from FinTechs, banking partners, and other stakeholders. Among others, the timelines of the various stages of the RS process have been revised from seven months to nine months,” the central bank said in a release.

A sandbox entity should ensure it has appropriate technical and organisational measures for the compliance of the



provisions under the Digital Personal Data Protection Act, the banking regulator added. Entities should ensure safeguards to prevent breach of personal data. Regulatory Sandbox usually refers to live testing of new products or services in a controlled/test regulatory environment for which regulators may (or may not) permit certain relaxations for the limited purpose of the testing. 

The objective of the RS is to foster responsible innovation in financial services, promote efficiency and bring benefit to consumers. The target applicants for entry to the RS are fintech companies, including startups, banks, financial institutions, any other company, Limited Liability Partnership (LLP) and partnership firms, partnering with or providing support to financial services businesses.