Last week, ASIC published its eagerly awaited public consultation paper on the so-called FinTech regulatory sandbox. ASIC Commissioner, John Price and his colleague Mark Adams launched the paper at a special meeting of the FinTech Melbourne group, hosted by KPMG. There was also participation by FinTech Australia represented by its new CEO, Danielle Szetho, and by the Digital Finance Advisory Committee, represented by Deborah Ralston.
The Commissioner was at pains to stress that, notwithstanding the developments within FinTech, and ASIC’s contribution via the Innovation Hub, the primary focus of the regulator is to “promote confident and informed consumers and investors, and to promote fair, transparent, orderly and efficient markets”.
To reiterate the point, Mr Price stressed that while the Innovation Hub is designed to help FinTech startups navigate the regulatory system, as well as reducing red tape, there should
be no compromise in ASIC’s fundamental regulatory and licensing regime.
ASIC will continue to adopt what it calls a modular approach to licensing and regulatory oversight, that includes: the ability to operate as a representative of an existing licensee; a focus on organisational competence; and the use of waivers and the “no-action” policy and decisions.
However, ASIC recognises the issues and barriers to entry that face some FinTech startups such as speed to market (a function of technology outpacing compliance?) and organisational competence (do firms need to hire in these skills and/or provide specific undertakings to that effect, or can they make use of third-party resources?). In ASIC’s view, by helping firms to reduce the time to market and to enhance their organisational competence, FinTech startups will be able to overcome the further barrier of access to capital. But there still needs to be acceptable consumer and investor outcomes, and efficient markets.
The proposals include additional guidance and discretion on organisational competence, and a limited license model that makes use of third parties as an alternative to establishing in-house organisational competence from day 1 (e.g., using an accounting firm as an external reviewer or sign-off), and limited exemptions during a defined test phase, yet still subject to some constraints to maintain a balance.
To clarify, ASIC currently exercises its discretion when assessing organisational competence based on the nature of the financial services and financial products to be offered, and the collective knowledge and skills of the people in the business. Under the proposals, the limited license will offer some additional flexibility to heavily automated business services and models, whereby the business can rely on professional third-party sign-off for compliance plans.
The sandbox exemptions will only be available to new Australian entities (to focus on startups) and only for a 6-month duration. It will be confined to certain financial services only – such as providing advice and arranging transactions. It will not include market making, and consumer protection will remain paramount. Once the limited license has expired, companies will either be instructed to cease operations, become an authorised representative of an existing licensee, or submit a full license application.
Other restrictions on the sandbox exemptions mean that applicants must be advising or dealing in liquid products (equities, managed funds and deposits), so not superannuation, insurance or derivatives. There will also be a cap on the number of investors (e.g., 100 retail clients), and on individual exposures (e.g., $10,000 per client), with an overall cap of $5m (but possibly unlimited in respect to wholesale clients?).
Participants must demonstrate they have adequate compensation arrangements, such as holding appropriate professional indemnity insurance and participating in an external dispute resolution process. They must also operate under core conduct and disclosure principles (e.g., disclosing trailing commissions).
There is some thought that sandbox participation could be “sponsored”, by third-party advisers, startup hubs or venture capital funds. This would operate on a “no liability” basis, and would primarily offer a preliminary health check of the FinTech applicant’s proposed business model. Above all, there will need to be adequate notification and reporting requirements, including a feedback process.
When comparing these proposals to what some international regulators are doing, ASIC believes they are more progressive than their counterparts. The UK is adopting a restricted licensing model, the US is using a “No action” process (more focused on credit providers?), and Singapore has recently announced a hybrid sandbox proposal.
During the Q&A session, the following issues were aired:
- Is ASIC in favour of mandatory client recording? No, it will continue to rely on industry best practice
- Is general insurance included in the sandbox? No, ASIC is not looking at risk-management products to be part of the exemptions.
- If incubators and/or VC’s are able to be sandbox “sponsors”, how will ASIC deal with potential bias? ASIC says it is alert to practices such as unreasonable “fees”.
- Would a new entity or product from an existing authorised representative be able to access the sandbox? It wasn’t clear whether this would be covered, but presumably not if it did not meet the “new business” requirement?
- Would the sandbox be available to non-financial services co-creating products for existing AFSL holders? Again, it wasn’t clear – but if it was a new business applicant, presumably it would. (This also raised the issue of “mature” businesses using disruptive or outsourced services as a way to access the sandbox.)
- ASIC will encourage companies to apply for a full license prior to end of the six month test, to ensure timely compliance
- What will happen as a result of people playing in the sandbox? Clearly, ASIC has a vested self-interest in learning about and getting exposure to innovation, but it needs to demonstrate a pro-active and efficient approach.
- What are the key criteria for the sandbox exemption? ASIC does not have a prescriptive approach (subject to the sandbox restrictions), so it will look at each application on its merits (e.g., short vs long-dated products, simple vs complex, retail clients vs wholesale), and focus on the financials, the organisational competence, and the business model. And obviously, experience counts.
- Timing of the sandbox? ASIC hope to see it operating by the end of September (Responses to the CP260 are due in by July 22).
Subject to the consultation feedback, there seems to be general industry consensus that the sandbox proposals are to be welcomed. But there are still some grey areas, as evidenced by the Q&A, and nowhere did I here anything specifically relating to the new emerging class of programmable currencies and other digital assets, many of which are pushing the regulatory boundaries, as well as disrupting traditional markets. And with current equity crowdfunding proposals stuck in Parliament, nothing happening there either.
(For some other responses to Consultation Paper CP260, check the following articles:
Next week: Customer service revisited