1. The cause of sandbox supervision
In November 2015, the UK Financial Conduct Authority (FCA) proposed a sandbox plan to develop a good regulatory system to evaluate financial technology systems while encouraging innovation. FCA found that there are three phenomena in the UK: 1) some financial technology companies spend a lot of money and time designing systems to evade supervision; 2) banks and financial companies are unwilling to open applications to technology companies and build technical barriers because of fear of competition. Obstructing new technologies from entering the formal market; 3) Regulators do not understand these new technologies, and they do not know how to supervise them. This kind of situation is not good for the country or organization.
Now let's talk about the background at the time so that readers can understand this more clearly. At that time, financial technology was a hot topic all over the world. In January 2015, The Wall Street Journal reported that the blockchain was the biggest financial innovation in 500 years, attracting a lot of attention. The “blockchain” reached its peak in Google search rankings. In October of the same year, Wall Street began to make the first batch. Investment; in December, IBM launched a super-book project. In a month, the British chief scientist listed the blockchain as a British national strategy. In this context, British regulators (belonging to the Bank of England) introduced sandbox supervision.
FCA found that some companies spend a lot of money and time designing systems to evade regulation. What technology is that? Artificial intelligence, big data, the Internet of Things, or cloud computing? No, these are not technologies that evade regulation. These can also support regulation. The UK does not need to open a sandbox plan for these technologies.
- Opinion: "Unable Triangle" of Stabilizing Coins
- Where are you, my blockchain is back?
- Blockchain practitioners: 2019 is too difficult for me
- Regarding the Ethereum Istanbul hard fork, we need to understand these (with user guide)
- Discussion: The Future of Open Finance, Public Chain and Alliance Chain
- Blockchain weekly developments of listed companies (2.10-2.14): 5 companies have made progress
The technology to evade regulation is the blockchain, especially the digital tokens based on blockchain technology. These digital tokens use P2P network technology. As long as there is a network anywhere in the world, there are servers on the Internet equipped with a digital token system, and this token system can be run everywhere. Moreover, using the continuous encryption mechanism, the uploaded data cannot be changed, and cross-border payment can be made. These transactions do not pass through central bank systems (including the Bank of England), making it impossible for the UK to regulate these transactions and not through the SWIFT system, which breaks the current international payment system .
This is a surprise and worry for the British regulator. Surprise is the emergence of a new technology, but at the same time the technology is evading supervision, supporting illegal activities such as money laundering, and must be governed to maintain financial stability. The problem is that they do not understand the technology, and they do not know how to supervise the technology.
But the technology itself is neutral, can support illegal activities, support the next generation of financial technology, and can also be a weapon of supervision, which opens the UK's sandbox supervision program. In this context, the British FCA proposed the concept of sandboxing, the most important purpose of which is to encourage innovation under the national regulatory system:
- Let traditional financial companies understand, accept and experiment with new financial technologies to assess whether these new technologies can produce real benefits for the financial industry;
- Let technology companies that evade regulation no longer develop technologies that evade regulation, but develop technologies that have positive energy for financial markets;
- Let regulators understand new technologies, develop regulatory technologies together, and use technology to monitor technology.
According to later data, the technology companies that joined the sandbox in the UK are the most blockchain startups, and the UK has also learned many new technologies and processes in the blockchain. This has made the UK more aware of how to regulate the blockchain system, including the digital token system.
In February 2019, the British FCA released digital token market data and blockchain supervision principles, representing the UK's understanding of the technology more mature than before. The United Kingdom believes that monetary law should be used to govern stable currency, securities law to use to control securities tokens, and traditional digital tokens to be self-defeating in the market, because the US regulatory agency SEC has severely hit digital tokens in 2018  ].
2. The digital token market is chaotic, and the blockchain system is mixed.
Later, the development of digital tokens confirmed that the concerns of British regulators were not superfluous. From mid-2017 until the end of 2018, the digital token market experienced a series of crazy rises and subsequent tragic plunges. In the process, many blockchains or related technologies were constantly being proposed, and many new technologies evaded supervision.
The digital token market is very confusing. Although China banned ICO and other activities in September 2017, there are still some organizations that promote their chain as a “national team” – such as the chain recommended by the Ministry of Industry and Information Technology, the National Development and Reform Commission or the Internet Office; or Technology advances, is the next generation of blockchain; or chains from famous universities at home and abroad such as Oxford University, Berkeley University, Tsinghua University and so on.
However, according to the FCA report of February 2019, 78% of ICO projects are downright scams, and the remaining 22% of projects may still be “partial” scams. After the digital token plunged, many digital token companies may now have closed down or their tokens are worthless. Some of the chain of famous schools at home and abroad or the chain recommended by the state units have also proved to be illusory. The well-known EOS was found by research institutions not to be a blockchain, and the consensus mechanism was also problematic. Due to the plunging of digital tokens, some project parties violated the original contract restrictions and carried their money. This is a very serious matter abroad, and dissatisfied investors have come to court.
The chain that was originally advertised as “decentralized” is now accused in foreign courts, confirming that “decentralization” was a false proposition . Same as the 2016 Dao event. When making money, he publicly advertises the freedom of “decentralization.” When someone happens, no one cares about the concept of “decentralization”, but goes to a centralized court to go to court.
This kind of chaos does not only happen to the public chain, but also to the chain of alliances. The hyperledger was discovered in 2018 as a centralized pseudo-chain. The centralized Kafka controls the communication of all nodes, once Kafka The center is controlled and the entire chain is controlled. The well-known Ripple chain has also been found to be a centralized system by independent research reports. Earlier, in 2017, R3's Corda also publicly admitted that they were not blockchains, but similar blockchains.
These chains are used in financial, public security, and government affairs. The risk of a centralized chain is that there is a central node, and once the central node is controlled, the entire chain is controlled.
A large number of foreign financial institutions have also done a lot of research, including the European Central Bank, the Bank of Japan, the Bank of Canada, the Central Bank of Singapore, DTCC, SWIFT and other institutions have done large-scale experiments, even the South African banks have also done experiments.
3. In 2015, the UK proposed a sandbox system to encourage innovation.
Part of the problem with these chains was because there was no fair, scientific and systematic assessment tool at the time . Therefore, the UK proposes three types of sandbox models: regulatory sandboxes, industrial sandboxes and umbrella sandboxes .
The financial service software runs under the analog control system, and each software enters the sandbox with different conditions and one discussion. The supervision sandbox is the supervision of financial technology by administrative means and the establishment of qualification standards. Entering the sandbox will help the company's financial services innovation and bring benefits to consumers. Companies entering the sandbox need the ability to fund and control risk. Regulators select companies and protect consumers by monitoring sandboxes. There are now many countries and regions around the world using regulatory sandboxes such as the United Kingdom, Canada, Singapore, Malaysia, and Hong Kong.
The financial services company runs the software under the analog control system, where the running data is only recorded in the sandbox and not recorded in the real system. Because each company provides different services, how to set up and how to test the sandbox is a matter of fact, that is, regulators and financial technology companies need to discuss design test standards and test procedures. But companies entering the sandbox program are immune from some regulatory responsibilities, and in this environment, financial technology companies can experiment.
Due to the complexity of sandbox implementation, not every company can enter the sandbox system. First, we need to judge whether the technology provided by the financial technology company is innovative, whether it can bring benefits to consumers, and whether there are enough funds and enough technology to support the sandbox test. If not, they will be Refuse. And the company must bear the responsibility of protecting consumers, and can not harm the consumers or participating companies in the process of sandbox testing.
Sandbox participating companies can collect actual data and user opinions on products or services in sandbox experiments to make appropriate modifications to related products or services prior to official launch. In other words, the sandbox will help financial institutions and technology companies to launch products and services faster, and reduce costs and improve product quality.
By carefully reviewing the process of these sandboxes, we will find that the definitions of regulatory sandboxes vary from country to country.
The UK first introduced the regulatory sandbox in 2015, which was originally due to the inability of financial technology to connect with traditional financial institutions. The British government has proposed a sandbox system to encourage innovation and allow financial technology companies to use desensitization data in the core scenarios of financial institutions to conduct real financial experiments in a simulated sandbox environment.
In Hong Kong, the regulatory sandbox 1.0 requires banks to apply for participation. In this case, the financial technology company must first reach an agreement with the bank to enter the sandbox. Banks have actually become the first barrier to choosing financial technology. This is different from the UK's regulatory sandbox. Most of the applicants are financial technology companies, and FCA directly connects with financial technology companies. In the sandbox, FCA can recommend technology companies and financial institutions to cooperate.
Obviously, although they are all regulatory sandboxes, the UK focuses on innovation (FCA-led financial institutions are open to technology companies), but Hong Kong focuses on regulation (because banks are not willing to open applications to technology companies, in this context, traditional financial companies More dominant.) Later, Hong Kong's Regulatory Sandbox 2.0 allowed financial technology companies to communicate directly with regulators, and at the beginning of financial technology projects, regulators could provide feedback to banks and technology companies. This means that technology companies and banks can get the same information at the same time. Obviously, it has the meaning of encouraging innovation.
Industrial sandbox or virtual sandbox (Industry Sandbox)
The industry was established spontaneously, with a virtual test environment and industry-wide. The industrial sandbox can provide services for regulators, while providing services for technology finance, customers, entrepreneurship incubation, education and research, and fund investment. However, the UK has not yet published an industrial sandbox design.
A non-profit sandbox umbrella company, authorized by financial regulators, to provide sandbox services. Similarly, the umbrella sandbox has not yet been actually launched.
Today, many sandboxes place too much emphasis on the regulation of financial technology, and forget the support of financial technology, including scenarios and data support, which enables traditional financial institutions to access new technologies in the sandbox environment, while high-quality financial technology It can also be accelerated to hatch, which is the original intention of the sandbox.
4. Practice and analysis of supervision sandbox
Let us now analyze the regulatory sandboxes in the UK and Hong Kong.
4.1. UK regulatory sandbox case
The UK has introduced a very complete sandbox report , which states that the steps for using the “regulatory sandbox” are as follows:
Step 1: The company submits a proposal to the FCA to use the sandbox, which needs to include the new solution and how it meets the relevant standards;
Step 2: The FCA reviews the evaluation proposal and, if the proposal meets the criteria, accepts the proposal and assigns the case officer to the company as an associate;
Step 3: If the proposal is accepted, the EAA works with the company to set the best sandbox options, test parameters, measurement results, reporting requirements and protection measures;
Step 4: When the sandbox option is officially delivered, the FCA allows the company to begin testing;
Step 5: The company negotiates with the EAA and starts testing according to the consensus opinion reached in Step 3;
Step 6: The company submits a final report on the test, and the FCA reviews the final report;
Step 7: After the FCA reviews the final report, the company decides whether to provide a solution outside the sandbox.
The regulatory sandbox has been in operation for three years in the UK. In the first phase, only 26% of companies can enter the sandbox, and many companies have not applied because they believe that they cannot be tested; only 40% of companies in the second phase can enter the sandbox program.
Moreover, it is not the final entry into the sandbox system that can pass the experiment. For example, in the second phase of the company that entered the sandbox, 25% of the companies were dragged to the third phase because the software could not pass the test (accounting for the third phase of the application company). 10%). As a result, only 30% of companies in Phase 2 were able to successfully enter the sandbox and “graduate” from the sandbox through testing.
It can be seen that most of the companies that apply for are rejected by the sandbox (74% of the applicants in the first phase are rejected), which does not include those companies that automatically waive the application after seeing the rules of the sandbox.
In the first two years, a total of 146 companies applied to enter the sandbox, 50 of which were accepted and 41 were tested in the sandbox. 1/3 of the companies tested have improved their business plans with zhe sandbox experience. Most of the companies that enter the sandbox are engaged in the blockchain industry (this is the initial reason for the UK to propose sandboxes), many of which are in cross-border payment systems.
The UK FCA publicly acknowledged that these companies entered the sandbox, giving them a deeper understanding of the blockchain and knowing how to supervise these new technologies. As the author often said that the sandbox gives the regulator the opportunity to learn, the correct knowledge cannot be obtained from the blockchain white paper or propaganda alone. When blockchain companies see blockchain technology running in the sandbox, they themselves understand the risks of using blockchains in the financial system and let regulators know how to effectively regulate blockchains.
In addition, through sandboxing, UK regulators have discovered many new technology applications and financial processes. For example, the UK found that the traditional long IPO (stock listing) process can be done online. Now this process requires a lot of auditing and attorney work, and it is difficult to complete it online. However, the UK FCA clearly saw the possibility in the regulatory sandbox and found that such a process allows participants (such as investors, project parties and regulators) to have better interactions, data more secure and smoother processes.
This is consistent with the preparatory work of Overstock in the United States starting in 2015. They have always wanted to issue stocks and bonds on the blockchain. If this becomes a reality, some traditional financial institutions may change dramatically. For example, traditional stock registration and distribution companies may change dramatically in both processes and platforms. The use of blockchains to register and issue stocks has been a major reform of many people's perceptions of blockchains in financial markets and has been recommended by Overstock for many years on Wall Street, so when the UK regulators saw this in the sandbox, it was What is done in a controlled environment is still amazing. These innovations certainly take a lot of time to mature in financial market deployments, but this is an important message for those who doubt the blockchain.
At the beginning of the Internet economy in early 1990, most traditional companies, mainstream media and financial experts were loudly accused and criticized in the United States, saying that this is not in line with economic theory and is a big bubble of the century. Fifteen years later, the traditional companies that criticized or opened their Internet business, or have closed their doors, and pushed the Internet business before closing, but it is too late, and the Internet companies they made teased out. Amazon is a typical case, and many traditional bookstores are closed 15 years later.
UK regulators have also found that many existing business processes can change, which can have positive effects, including loans, insurance, consumer protection, and robotics financial advisors. These innovations are all done in the sandbox.
Figure | Application Map of the UK Sandbox Project (Source: FCA)
According to the data, 75%-77% participated in the UK sandbox program to complete the test, and 90% of the companies that completed the sandbox test later developed in the market. At the beginning, some companies only got some authorization, only part of the experiment in the sandbox, and most companies were fully authorized.
From the above data, it can be seen that the regulatory sandbox is effective. Some fintech companies have not applied to enter the sandbox because they know from the rules that they can't pass the process of “supervising the sandbox”. For example, only PPT and no software can be tested, it is impossible to pass the sandbox.
Figure | Company distribution maps participating in the UK FCA Sandbox Project, mostly startups (source: FCA)
According to the UK FCA report, 40% of startups are financed after a baptism in the sandbox.
From the 2017 to 2018 globally popular ICO project, if there is an “ICO Regulatory Sandbox”, many will not be possible because they are not eligible to apply for a sandbox program – many only “white paper” and PPT, no The software can be tested. But these projects can actually be tens of millions to billions of dollars from ICO, and their tokens continue to rise after the market.
The UK FCA found that companies that want to enter the sandbox program include large banks such as HSBC (HSBC). Originally this plan was designed for new technology companies, but it is seen that the regulatory sandbox is also attractive to banks. Through the supervision of the sandbox test, the system has certain quality and innovation, so the bank is also interested in participating and is willing to compete with the new financial technology company on the same platform. New technologies are not patents of financial technology companies, and traditional financial institutions can also be innovative.
4.2, Hong Kong sandbox practice
Hong Kong has released a version 2 sandbox plan, and Sandbox version 2.0 has three new features:
- Establish a regulatory chat room: provide information and feedback to sandbox participants as soon as possible in the early stages of the financial technology project;
- Direct communication: technology companies do not need to go through the bank, they can communicate directly with the HKMA through chat rooms;
- The Sandbox of the HKMA, the Securities and Futures Commission and the Insurance Authority will operate in coordination with each other to provide a "one-click" cut-off for cross-boundary financial technology projects and to link up to three regulators as required.
Bank management entering the sandbox needs to ensure the following safeguards, and banks cannot use sandboxes to circumvent applicable regulatory requirements;
- Boundary: Clearly define the scope and stage, time and termination of the trial;
- Measures to protect customers: Measures to protect the interests of customers during the trial period generally include measures to identify the risks involved and voluntarily participate in the trial, the handling of complaints, compensation for financial losses of customers, and arrangements for customers to withdraw from trials;
- Risk management measures: Introduce additional control measures to reduce the risks caused by not fully complying with regulatory requirements, as well as the risks posed to the bank's production system and other customers;
- Preparation and monitoring: The systems and procedures involved in the trial should be ready and the results of the experiment must be checked.
The HKMA does not list the regulatory requirements that may be relaxed in a sandbox environment. This is an individual discussion.
(Source: Cai Weide)
4.3. “Global Financial Innovation Network” GFIN
The Global Financial Innovation Network (GFIN), consisting of 29 international organizations including the UK, Singapore, Dubai, Canada, Hong Kong and Australia, is the UK's first global regulatory alliance . Apply to participate in pilot cross-border testing. GFIN is committed to financial innovation and was founded in August 2018. Most of the participating units are from countries or regions of the Commonwealth.
A number of financial regulators collaborate to test innovative products or services in international markets, particularly cross-border financial business testing. The aim is for innovative technology companies to interact more effectively with regulators and help them develop their businesses.
4.4. Analysis of the UK and Hong Kong regulatory sandbox experience
It is clear from the process and data of the UK and Hong Kong to monitor the sandbox that the regulatory sandbox is an “institutional sandbox” or “legal sandbox” system. This can be seen from the purpose of the UK's proposed sandboxing, which is to encourage innovation, but some innovations cannot be deployed under current regulations. Since the law does not allow it, or the law is still unclear whether these innovations can be deployed and used, these innovations cannot be deployed or experimented. These innovative companies may go to the black market or design systems to evade regulation.
The regulatory sandbox is to allow some innovations to be experimented, and it can be deployed until all parties, including financial institutions, regulators, and technology companies, agree that the innovation can bring benefits and reduce costs under existing regulations. And because innovation is different, the regulatory sandbox does not list details of specific evaluation criteria and conditions.
For example, the conditions for monitoring the sandbox in the UK are that the technology is innovative, can bring benefits to consumers, has sufficient funds and technology to support sandbox testing, and can bear the burden of protecting consumers. In the process of sandbox testing, it cannot be Consumers or participating companies have any harm and can enter the sandbox. However, the conditions without details are not always easy to pass, and there are difficulties in execution. From the past experience, there are the following difficulties:
It is difficult to judge whether technology is innovative: what is the problem? Who can judge that a technology is innovative? In the past few years, I have talked with several fund and blockchain project parties and found that not every team has the ability to judge whether this technology is innovative. Some funds also have Ph.D. who have returned from abroad, graduated from prestigious universities, and worked in important foreign laboratories, but they still do not understand the blockchain technology.
In addition, in the past, many concepts of incorrect blockchains emerged. These incorrect concepts greatly affect the judgment of funds or investors. For example, some of the aforementioned chain names are recommended by the national unit, next-generation blockchain technology, or a chain of famous schools at home and abroad, which may affect the judgment of investors or regulators.
Talking to technology companies can quickly learn about new technologies, but it may still be difficult to get a deeper understanding, especially on controversial topics. For example, blockchain scalability has always been a long-standing problem in blockchain. Today a famous chain uses a technology, and other blockchains will immediately "learn". The question is, must that chain be correct? Maybe it is not a blockchain at all ? How can a non-chain extension technology (and possibly an incorrect technology) let other blockchain systems learn? ?
Insufficient knowledge base and talent pool of regulators: Technology has been improving. Last year's new technology may not be new this year, but the process and system for monitoring sandboxes are still the same. Regulators need continuous learning to judge whether a technology is innovative. One of the problems discovered by FCA in the UK is that regulators are not aware of new technologies, so this problem can be very difficult to resolve. Regulators may need to recruit experts from outside to join the regulatory team or train insiders. Regulators must also maintain a knowledge base that is constantly being updated.
Regulatory assessments are difficult to agree : Since the sandboxed regulatory process does not list assessment criteria, different regulator teams may have different assessment results. For example, how to evaluate a project innovation? Maybe in the same regulatory body, one team thinks one project is innovative, and the other team has different opinions.
Sandbox testing cannot be scientific, systematic, and objective: the UK regulatory sandbox is only an institutional sandbox, not an industrial sandbox. The institutional sandbox can have many legal assessments on compliance. The problem is even through sandbox assessment. Standards are generated in the sandbox process, but can this standard be verified by a scientific method? Can there be a systematic verification?
Because there is no objective testing tool, any test may use the system and data test of the technology company, but in software engineering, this is not a scientific verification, not an objective verification, not a systematic verification. There is no systematic scientific software testing tool listed in the regulatory sandbox. Without such a tool, there is a big loophole in the regulatory sandbox, and the final verification will not be scientific.
The Devil is in the detail: The regulatory sandboxes around the world look similar, but if you look closely, the difference is still big. For example, the Hong Kong Regulatory Sandbox 1.0 and 2.0 versions vary widely. In version 1.0, only banks can apply for participation, and technology companies must first reach a consensus with the bank before they can talk to the regulator. The problem is that an important reason for the sandbox is that banks are conservative and unwilling to open up innovation, and version 1.0 does not address this issue. Version 2.0 has been improved, and technology companies can talk directly to regulators to provide "chat rooms" to technology companies and banks. But this also increases the burden on regulators. In the past, regulators only had to talk to banks, and now they have to communicate with technology companies and understand the new technologies proposed by technology companies.
All in all, the regulatory sandbox is an important regulatory innovation in history, giving new technology and technology companies an opportunity to follow the formal path. Otherwise, these technology companies may continue to develop technologies that evade regulation, and the damage to the financial market may be even more Big. The impact of the rise and fall of digital tokens from 2017 to 2018 on foreign financial markets is very clear. If around 2009, the British government proposed the concept of sandbox supervision, and there may be a completely different route for the development of blockchain technology.
Prior to the January 2015 Wall Street Journal and the January 2016 UK Chief Scientist report, blockchain-related technologies were denied in mainstream financial markets and the scientific community. In the United States, even developers have lived in prisons, fled the United States, or It is incognito (such as the inventor of Bitcoin). So that some companies take the evasion of supervision. The CEO of JPMorgan Chase Bank’s views on related matters will be a classic case in history. Fortunately, JPMorgan Chase Bank is quickly on the right track, using blockchain technology to practice JP Morgan's internal stable currency (JPM coin) and gai coin-based cross-border payment system.
Through its own sandbox system, FCA sees that many traditional financial processes can be changed by blockchains, such as IPO processes, which should be the biggest gain of the regulatory sandbox. The technology that was originally used to evade regulation can now be used to innovate in legally compliant financial markets, and the UK's gains are not that great.
( To be continued)
1. Hayley Kirton
Http://www.cityam.com/profile/hayley-kirton), "Why a Red Tape Bonfire won" t Help Fintech: The FCA's
2.Christopher Woolard talks to City AM about Regulation Testing,” March 27, 2017, City AM, available at
3.Financial Conduct Authority, "Regulatory Sandbox," Nov. 2015.
4.Innovate Finance (UK), "Industry Sandbox: A Development in Open Innovation Industry Sandbox Consultation Report," 2017.
5. Bill & Melinda Gates Foundation, "Requirements for a Pro-Poor Interoperability Service for Transfers," Seattle: Bill & Melinda Gates Foundation, 2014.
6. Financial Conduct Authority, "Regulatory Sandbox Lessons Learned Report," Oct. 2017.
7. Cai Weide et al., “Application of distributed ledger technology in payment, clearing, and settlement services”
8. Cai Weide et al., “Part 2 of the PFMI Series: The Clearing Chain “Design Road””
9. Cai Weide. "Cai Weide: Supervising the sandbox 2.0 pseudo-innovation"
10. Cai Weide, “Regulatory Sandbox 2.0 and Industrial Sandbox Economics”
11. Cai Weide, "True and False Block Chain – Taishan Sandbox knows!"
12. Cai Weide, “The Sandbox Technology for Regulating Technology”
13. “Blue Book of Technology Assessment and Analysis for Global Public Link Projects”
14.UK FCA, Global Financial Innovation Network (GFIN), August, 2018,
15. Cai Weide et al., "Pro, what chain is your chain?"
16. Cai Weide et al., “Several important pits of blockchain technology (top)”
17. Cai Weide et al., “The lessons of tens of millions of dollars – the difficulties and solutions SWIFT encountered”
18. Cai Weide, “Let the bullets fly for another time: Interpretation of the SEC Commissioner of the US Securities and Exchange Commission”
19. Cai Weide, “The blockchain is “decentralized” and not “decentralized”
Jiang Xiaofang: Ph.D. student of Beihang University of Computer Science, Chartered Financial Analyst (CFA), member of Beijing Financial Analyst Association