Hardly Child’s Play: North Carolina Joins the Growing Number of States With a FinTech Regulatory Sandbox
The rapid development of new technology impacts every industry, but regulators are paying significant attention to the current disruption of the financial services and FinTech industry. This is particularly true in the crypto assets market, which SEC Chairman Gary Gensler recently characterized as being “like the Wild West” with many participants “sitting astride of – not operating within – regulatory frameworks that protect investors and consumers, guard against illicit activity, and ensure for financial stability.”
Part of the challenge of providing appropriate regulatory frameworks is that traditional regulation and rule-making processes have struggled to keep up with the pace of new technology. Still, regulators are beginning to evolve and collaborate with industry experts to implement flexible regulatory programs to balance consumer protection and foster innovation. North Carolina became another important data point in this global trend on October 15, 2021, when North Carolina Governor Roy Cooper signed the North Carolina Regulatory Sandbox Act of 2021 (“NC Sandbox Act”) into law. With the implementation of the NC Sandbox Act, North Carolina is the 10th state to launch a “regulatory sandbox” for innovative FinTech or InsurTech offerings.
What are regulatory sandboxes, and how do they promote innovation?
Regulatory sandboxes are an increasingly popular approach for testing innovations under a regulator’s oversight. Although the rules and restrictions may vary, most sandboxes allow time-limited pilots to test emerging technology, services, and business models in a live marketplace. In some cases, regulatory sandboxes even permit testing services or technologies that would otherwise be expressly illegal under existing laws or regulations.
The collaborative nature of regulatory sandboxes presents a potential win-win for entrepreneurs and regulators. Regulatory sandboxes often reduce the barriers to entry for entrepreneurs and enable them to safely test and iterate on a solution before they invest considerable resources to scale their offerings. In exchange, regulators can gather empirical data about new business models and use an evidence-based approach for future policy decisions. This approach can validate or dispel regulatory concerns about an innovation’s impact and assist regulators and businesses in delivering beneficial services to the marketplace.
The UK Financial Conduct Authority launched one of the world’s first FinTech regulatory sandboxes in 2016, and the number of jurisdictions with regulatory sandboxes for FinTech solutions has skyrocketed since then. According to the World Bank’s 2020 Report of Regulatory Sandboxes, 73 FinTech-related regulatory sandboxes were operating in 57 jurisdictions around the globe as of November 2020. The vast majority of these sandboxes focus on promoting innovation in the delivery of digital financial services, and several sandboxes included specific goals of encouraging blockchain, InsurTech, and RegTech solutions.
In March 2018, Arizona became the first state to launch a FinTech-related regulatory sandbox, followed by Kentucky, Nevada, Utah, Wyoming, Vermont, Florida, West Virginia, and Hawaii. North Carolina just became the 10th state to implement a FinTech or InsurTech regulatory sandbox, and other states are considering similar regulatory programs.
Overview of the NC Sandbox Act and approval process.
North Carolina’s addition to the growing list of US FinTech sandboxes is important not only because of the state’s large banking and technology industries but also the fact that FinTech sandboxes are all working to generate evidence for similar issues that could help build a consensus for national standards.
The NC Sandbox Act recognizes a familiar problem: “that existing legal and regulatory frameworks are restricting innovation because these frameworks were established largely at a time when technology was not a fundamental component of industry ecosystems, including banking and insurance[,]” and that “innovators require a flexible regulatory regimen to test new products, services, and emerging technologies, such as blockchain technology[.]”
The NC Sandbox Act hopes to “facilitate the development of innovative financial or insurance products or services utilizing new or emerging technology” through the creation of a sandbox program that a newly-established “Innovation Council” will oversee. The Innovation Council is comprised of 11 members appointed by several governmental bodies, such as the North Carolina Commissioner of Banks, and it expressly requires that two of its members come from academia and two of its members come from “the North Carolina entrepreneurial or blockchain community.” The general composition of the Innovation Council helps promote a balance of interdisciplinary expertise. All public members of the Innovation Council must have a background in financial services, insurance, blockchain, InsurTech, or entrepreneurship.
Like other states, the primary tool for encouraging innovation in the NC Sandbox Act is an agreement not to enforce specific rules or regulations against successful applicants – an “innovation waiver,” as it is called in North Carolina. Specifically, the NC Sandbox Act provides that “a person who makes an innovative product or service available to consumers in the regulatory sandbox may be granted a waiver of specified requirements imposed by statute or rule, or portions thereof, if these statutes or rules do not currently permit the product or service to be made available to consumers.”
Although the Innovation Council is empowered to set standards, principles, guidelines, and policy priorities for the types of innovations that the regulatory sandbox program will support, the factors considered in granting or denying admission to the regulatory sandbox program will include, at least, the following:
Assessment of the innovation’s risk to consumers: The nature of the innovative product or service proposed to be made available to consumers, including the potential risk to consumers.
Consumer protection and complaint process: The methods that will be used to protect consumers and resolve complaints during the sandbox period.
Business plan: A business plan, including availability of capital.
Management’s expertise: Whether the entity’s management has the necessary expertise to conduct a pilot of the innovative product or service during the sandbox period.
Criminal history related to financial or securities fraud: Whether any person substantially involved in the development, operation, or management of the innovative product or service has been convicted of or is currently under investigation for fraud or state or federal securities law violations.
Flexible catchall: Any other factor that the Innovation Council or the applicable State agency determines to be relevant.
Successful applicants will have up to 24 months to test their innovative product or service, subject to potential limitations based on the nature of the product or service. For example, the innovation waiver may set a maximum limit on the number of consumers to whom the service or product is offered. The successful applicant may also be required to post a consumer protection bond or similar assets as security for potential losses suffered by consumers. The pilot can be extended by up to 12 months, but, in all cases, the sandbox must submit a final report to the applicable State agency at the end of its pilot.
Reciprocity among sandboxes and building (inter)national standards.
Building a local regulatory framework is a positive step for North Carolina. Still, the real promise of the NC Sandbox Act and similar regulatory sandboxes across the country is what the sandboxes can collectively contribute to the larger FinTech ecosystem over time. A significant challenge to implementing scalable FinTech solutions is the fragmentation of state and federal regulation; however, many state regulatory sandboxes – including the NC Sandbox Act – provide reciprocity provisions that could be a pathway toward uniform regulation and standards.
The NC Sandbox Act contemplates reciprocity with other regulators, including the authority to “enter into agreements with other State, federal, or foreign regulators to advance the purpose of the regulatory sandbox, which may include permission for any sandbox participant to operate in other jurisdictions.” The NC Sandbox Act also “permits persons, applicants, or entities that are authorized in other jurisdictions or that hold a license in other jurisdictions to be recognized as sandbox participants in this State.”
The opportunities for regulators to collaborate and share evidence about a broad range of FinTech solutions will help support informed policies, tests, and avoid problems that could arise if the sample size of applicants in one jurisdiction is too small or concentrated. For example, Hawaii’s FinTech sandbox focuses on digital currencies, but its participants range from a local Hawaii-focused bitcoin platform, Cloud Nalu, to more ubiquitous platforms, like Facebook’s Novi; New York-based cryptocurrency exchange, Gemini; and popular investment app, Robinhood. The pool of potential use cases is not limited to our country’s borders, either. Several state and federal regulators are members of the Global Financial Innovation Network, an international group of financial regulators that facilitates the development of best regulatory practices and assists with cross-border testing of innovative financial products or services.
Since most regulatory sandboxes have not been in operation for long enough for their respective participants to complete their pilot programs, it remains to be seen how effective these reciprocity agreements will be in informing assessments of emerging technology. However, the network effect created by more states offering flexible and interoperable regulatory programs could pave the way for a more attractive and predictable marketplace for developing new FinTech solutions.
 Gary Gensler, Testimony Before the United States House of Representatives Committee on Financial Services (Oct. 5, 2021), available here.
 Key Data from Regulatory Sandboxes Across the Globe, The World Bank (Nov. 1, 2020), available here.
 N.C. Gen. Stat. § 169-2(a).
 Legislative Summary, Senate Bill 470: North Carolina Regulatory Sandbox Act (July 7, 2021), available here.
 N.C. Gen. Stat. § 169-4.
 N.C. Gen. Stat. § 169-3.
 N.C. Gen. Stat. § 169-4(a).
 N.C. Gen. Stat. § 169-4(b)(1).
 N.C. Gen. Stat. § 169-4(b)(2).
 N.C. Gen. Stat. § 169-4(b)(3).
 N.C. Gen. Stat. § 169-4(b)(4).
 N.C. Gen. Stat. § 169-4(b)(5).
 N.C. Gen. Stat. § 169-4(b)(6).
 N.C. Gen. Stat. § 169-12(b).
 N.C. Gen. Stat. § 169-12(c).
 Global Financial Innovation Network, Members -- see here (last visited Oct. 9, 2021).