17 Oct 2018

Playing in the Securities and Commodities Authority’s Regulatory Sandbox

Authored by: Sundus Khan

In brief:

  • The UAE’s Securities and Commodities Authority (“SCA”) passed Board of Directors’ resolution no. 28/R.M of 2018 adopting the FinTech Regulatory Sandbox Guidelines.
  • These guidelines are a clear signal to the market that innovation is on the regulator’s agenda.
  • Regulatory sandboxes will play an increasingly important role in encouraging financial institutions and startups to develop new FinTech products and services.

In September 2018, in view of rapid development of the financial technology (“FinTech”) sector, and as part of the UAE’s National Innovation Strategy the UAE’s SCA, passed a resolution adopting the FinTech Regulatory Sandbox Guidelines.

The SCA’s guidelines are a clear signal to the market that innovation is on the regulator’s agenda.

Regulatory Sandboxes

When an industry rapidly evolves, it can be unclear if any regulation should be applied, and if so, to what extent. A regulatory sandbox is a framework set up by a financial sector regulator that allows FinTechs to live test their innovative products, services, solutions and business models on a small scale, under a relaxed regulatory environment, which is focused on both safeguarding rights of investors and creating an environment attractive to capital markets.

The rise of FinTech requires regulators to understand how to best apply regulatory principles to new financial and business models created by FinTech companies. Since regulatory clarity is critical for growth of the FinTech sector, regulatory sandboxes help regulators understand the product, service or business model, and develop legislation accordingly.

The idea behind a sandbox is that the regulator not only makes sure no consumers are hurt during the FinTechs’ innovation process, but also that it has a frontrow seat to guide the innovation process.

ADGM RegLab & DIFC Hivetech

Other local examples of regulatory sandboxes include the Abu Dhabi Global Market (“ADGM”)’s Regulatory Laboratory and Dubai International Financial Centre (“DIFC”)’s FinTech Hive Accelerator Programme.


In 2016, the ADGM launched its Regulatory Laboratory (“RegLab”) a bespoke regulatory framework which provides a controlled environment for FinTech firms to develop and test innovative FinTech solutions. Successful applicants test their product according to regulatory requirements tailored to contain the specific risks and impact of their particular test. These safeguards allow FinTech participants to explore and develop innovative solutions in a risk-appropriate and cost-effective environment.

ADGM RegLab successfully concluded its third round of applications for RegLab with a total of 36 local and international new FinTech innovators offering potential solutions for the financial and small-medium enterprise (SME) sectors in the Middle East and Africa region.

DIFC’s FinTech Hive Accelerator programme

In 2017, the DIFC launched its FinTech Hive Accelerator programme providing a platform for the world’s most innovative start-ups the opportunity to test, develop and adapt their solutions to meet the evolving needs of the region’s financial services and insurance industries. The accelerator invites startups from the region and around the world to pitch their ideas to join a programme that grants them invaluable access to, and feedback from, potential clients and investors.

The selected finalists move into a 12-week curriculum that includes mentorship opportunities and workshops with financial institutions, regulatory bodies, insurance companies, and more among other partners in the UAE.

For its 2018 programme, FinTech Hive accepted 22 Innovative startups

SCA’s Sandbox participation lifecycle

Application – Evaluation – Preparation – Testing – Validation

  1. Application

A FinTech company is required to submit an application showing its proposed service, product or business model meets the eligibility criteria for use of the regulatory sandbox.

SCA shall consider applications from:

  • UAE based individual entrepreneurs (citizen or resident), domestic startups or established UAE based companies;
  • Financial free zone subject to cross-border recognition arrangements;
  • Foreign companies in jurisdictions with CFT/AML laws (Combatting the Financing of Terrorism/Anti Money Laundering) similar to the UAE or stricter; and
  • Companies that have already applied for other sandboxes in the UAE or abroad.
  1. Eligibility

Applications are considered against the following criteria:

  • The proposed business plan offer genuine innovation in terms of technology.
  • The product, service or business model intends to create a measurable benefit to consumers and/or industry growth.
  • The business plan is ready to be tested and shows a genuine need to be tested in the sandbox.
  • The applicant meets the ‘fit and proper’ criteria of integrity, competence, financial solvency and legal capacity in compliance with applicable SCA regulations.
  • The applicant has defined test scenarios and expected outcomes of the sandbox experiment with clear objectives, parameters and success criteria, along with a defined exit strategy for discontinuation of the product or service if it does not succeed, or defined transition strategy for market-wide launch.
  • The applicant has written consent of the consumer to participate in the sandbox experiment and has sufficient safeguards in place to protect its consumers.
  1. Preparation

SCA and the applicant agree on the testing terms, sandbox duration, testing parameters, measures to determine success, and necessary measures to protect consumers in case of failed testing.

The sandbox testing period runs between six to twelve months, which will provide SCA with insight to innovations and their impact on consumers and the financial market. SCA may extend the testing period on a case-by-case basis.

  1. Testing

The product, service or business model is then tested in a real and safe environment to ensure compliance with consumer safeguards agreed between the SCA and the applicant. Testing outcomes reports are submitted to SCA to highlight milestones achieved key issues and operation incidents, and actions taken to address any key issues.

  1. Validation

Final outcome reports are submitted to SCA, after testing is complete. If the test fails, the service is stopped and consumers are informed accordingly. If the test succeeds and the participant decides to continue the provision of the service, the applicant applies to SCA for a license.

Regulatory sandboxes will play an increasingly important role in encouraging FinTechs to develop new products and services. A structured testing environment based on a strong relationship between the SCA and applicants is paramount and a means for advancing the FinTech revolution, which is already underway.

Hadef & Partners’ Banking & Finance team is able to advise on the SCA’s regulatory sandbox guidelines for FinTechs.


This article, together with any commentary, does not constitute legal advice. It is provided solely for information purposes on a complimentary basis, without consideration of any specific objectives, circumstances or facts. It reflects then current views of the writer which may modify in time and based on differing objectives, circumstances or facts. A writer's view may differ from views of colleagues and/or the firm. You should seek legal advice on each specific matter. Access to this article does not form an attorney-client relationship.