Chapter 31 Exercises: Regulatory Sandboxes — Innovation Meets Oversight

Exercise 1: Eligibility Assessment — Three Innovation Profiles

You are advising three fintech firms that are each considering applying to the FCA Regulatory Sandbox. Assess each firm's eligibility against the five FCA criteria (genuine innovation, identifiable consumer benefit, need for sandbox, UK nexus, and readiness to test). For each firm, produce a structured eligibility assessment identifying which criteria are met, which are not met, and what additional information you would need to complete the assessment.

Firm A: LoanBridge

LoanBridge has built a peer-to-peer lending platform for small business borrowers. The platform matches borrowers with lenders based on credit scores produced by a standard credit reference agency. Lenders are retail investors. The platform charges an intermediation fee and claims to offer lower interest rates than high-street banks. LoanBridge is not yet FCA-authorized and wants to use the sandbox to test the platform with 200 borrowers and 150 retail lenders over six months. An FCA partner firm (already authorized as a P2P facilitator) is prepared to provide regulatory cover during the test. LoanBridge's external legal counsel has advised that the firm's model fits within the existing FCA P2P facilitation framework without modification.

Firm B: InsureNow

InsureNow has developed a parametric weather insurance product for UK smallholders — farmers with fewer than 50 hectares. When a defined weather event occurs (frost below -3°C for more than five consecutive nights, or rainfall below 30mm over any 90-day period in the growing season), the policy automatically pays out a fixed amount without the policyholder needing to make a claim or provide evidence of loss. The payout trigger is determined entirely by publicly available Met Office data. InsureNow has identified that this product category does not fit cleanly within the FCA's existing insurance product categories: it is arguably not insurance at all (no insurable interest assessment; no loss assessment; no claims process) but a financial product that transfers weather risk. InsureNow is not FCA-authorized. The product has been sold in the Netherlands under an AFM sandbox, where it performed well over an eighteen-month test.

Firm C: ClearPath

ClearPath has built a debt repayment management application for UK consumers with multiple unsecured debts. The application connects to customers' bank accounts via open banking, analyzes their income and expenditure patterns, and generates a personalized debt repayment schedule — including recommendations for which debts to prioritize and, in some cases, recommendations to approach specific lenders for debt restructuring or write-down. ClearPath has taken external legal advice and believes that its debt management recommendations constitute regulated debt advice under the Financial Services and Markets Act. It is applying for FCA authorization as a debt counselor but has been told the authorization process will take 12 to 18 months. ClearPath wants to use the sandbox to begin testing immediately while its full authorization application is pending. It proposes to limit the sandbox test to 300 customers with debts under GBP 20,000.

Your task: For each firm, provide: (a) a criterion-by-criterion eligibility assessment (pass / fail / requires more information); (b) a summary verdict on whether the firm is likely eligible for the FCA sandbox; (c) if not eligible, an alternative regulatory pathway recommendation.

Exercise 2: Drafting Waiver Requests

You have been retained as regulatory counsel for NeuralKYC, a startup that has developed an AI-based KYC verification system using facial recognition and behavioral biometrics (keystroke dynamics, mouse movement patterns during the onboarding journey). The system verifies identity by cross-referencing a live facial capture with a database of government ID photographs obtained under a Home Office data-sharing agreement, and validates authenticity through behavioral biometrics that establish a behavioral baseline consistent with the person completing their own onboarding.

NeuralKYC intends to apply to the FCA Regulatory Sandbox. You have identified the following two regulatory requirements that create barriers to testing the technology without a waiver:

  1. JMLSG Part I, Chapter 5.3.44: Customer Due Diligence requires verification against documentary evidence (passport, driving licence) or against two independent electronic data sources.

  2. JMLSG Part I, Chapter 5.3.60: Enhanced Due Diligence for non-face-to-face customers requires additional verification steps, including a certified copy of an identity document, because the regulatory framework regards digital-only onboarding as inherently higher risk than in-person onboarding.

Your task:

Draft two waiver requests (one for each rule), each structured to include: - The rule reference and a brief description of what it requires - Why the rule, as written, prevents NeuralKYC's technology from being tested - What consumer protection purpose the rule serves, and why that purpose is preserved by NeuralKYC's alternative approach - What specific alternative protection NeuralKYC proposes in place of the waived requirement - The duration for which the waiver is requested

Your waiver requests should be precise, honest, and consumer-protection-focused. They should not overstate the strength of NeuralKYC's technology or minimize the regulatory concerns the waiver raises.

Exercise 3: Designing Exit Criteria for an AI Lending Pilot

AltCredit Finance is preparing an FCA Regulatory Sandbox application for a pilot of its AI-driven personal loan decisioning system. The system uses a combination of open banking transaction data (with consent), psychometric assessments (a validated instrument used in behavioral credit risk assessment), and social data (with consent, restricted to LinkedIn employment verification). The system generates a loan decision (approve / decline / refer to human underwriter) and, for approvals, a suggested loan amount and interest rate.

AltCredit's test will involve 400 applicants over nine months. Half of the applicants will be assessed using the AI system; the other half will be assessed using AltCredit's conventional credit model (credit bureau score plus income verification), as a control group.

Your task:

Design a set of exit criteria for AltCredit's sandbox test. Your exit criteria should:

  1. Cover the primary technical performance of the AI model (accuracy, false positive/negative rates)
  2. Address the demographic fairness dimension — does the model perform equivalently across relevant customer groups?
  3. Address the consumer experience dimension — do customers understand the data being used and the decision they receive?
  4. Address the model stability dimension — does the model perform consistently throughout the test period, or do accuracy metrics degrade?
  5. Define a threshold below which the test should be considered to have failed, and above which it should be considered to have succeeded

Aim for six to eight specific, measurable exit criteria. For each criterion, state the specific metric, the measurement method, and the pass/fail threshold.

Exercise 4: Comparing the FCA and MAS Sandboxes for a Specific Use Case

A London-headquartered fintech, PayClear, has developed a cross-border payment reconciliation system specifically designed for small and medium-sized enterprises (SMEs) conducting trade between the UK and Southeast Asia. The system uses distributed ledger technology to create an immutable audit trail of payment instructions, confirmation receipts, and FX conversion records — addressing the common SME problem of payment disputes arising from timing gaps between instruction and settlement.

PayClear wants to test the system with twenty UK SMEs trading with counterparts in Singapore. It is considering applying to either the FCA sandbox, the MAS sandbox, or both (via GFIN cross-border testing).

Your task:

Write a comparative analysis of the FCA sandbox and MAS sandbox as testing pathways for PayClear, covering:

  1. Which sandbox better fits PayClear's primary regulatory question (what is the regulatory status of the DLT audit trail under UK payment services law vs. under MAS payment services regulations?)
  2. How the eligibility criteria apply to PayClear's model in each jurisdiction
  3. The key differences in sandbox terms that PayClear would likely encounter in each jurisdiction
  4. Whether GFIN cross-border testing is appropriate for PayClear's use case, and what additional value (or complexity) it would add relative to a single-jurisdiction application
  5. Your recommendation: FCA only, MAS only, or GFIN cross-border, and why

Exercise 5: Drafting a Consumer Disclosure Statement for Sandbox Participation

You are preparing the consumer-facing disclosure materials for VoiceVerify Ltd's FCA sandbox test (the biometric voice KYC system described in Chapter 31). VoiceVerify has been admitted to FCA Cohort 17. The disclosure must be provided to each customer before they participate in the sandbox test.

The FCA requires that the disclosure: - Clearly explains that the customer is participating in an FCA-supervised regulatory test - Describes the innovation being tested and how it differs from the firm's standard offering (if any) - Explains what regulatory requirements apply normally and how those requirements are modified in the sandbox - Explains what consumer protections apply in full despite the sandbox (including complaint rights and any compensation arrangements) - Describes how the customer's data will be used and for how long - Explains how the customer can withdraw from the test - Is written in plain English, comprehensible to a customer with no financial services background

Your task:

Draft a consumer disclosure statement for VoiceVerify's sandbox test. Your draft should:

  1. Be no more than 600 words in length (the FCA considers conciseness essential to genuine comprehension)
  2. Use plain English — avoid regulatory jargon or technical terminology without explanation
  3. Address all mandatory elements listed above
  4. Include a section heading structure that allows a reader to navigate quickly to the information most relevant to them
  5. End with a consent confirmation statement that the customer can sign or digitally accept

After completing the draft, write a brief note (150 words) explaining the three most significant design choices you made and why you made them.