TaxTMI 
TaxTMI 
Revised Framework for Regulatory Sandbox
X X X X Extracts X X X X
X X X X Extracts X X X X
.... and Section 19 of the Depositories Act, 1996 to protect the interests of investors in securities and to promote the development of, and to regulate the securities market. Yours faithfully, Mridusmita Goswami General Manager Information Technology Department Phone: +91-022-26449504 Email: [email protected] Annexure A- Standard Operating Procedure - Regulatory Sandbox APPLICABILITY 1. All entities registered with SEBI under section 12 of the SEBI Act 1992, shall be eligible for testing in the regulatory sandbox. The entity may apply either on its own or in partnership with any other entity. In either scenarios, the registered market participant shall be treated as the principal applicant, and shall be solely responsible for testing of the solution. STAGES OF SANDBOX TESTING 2. The details of the stages of sandbox testing are as below: 2.1. Stage-I: SEBI will approve the limited set of users as proposed by the applicant for testing in Stage-I. During the stage-I testing, applicant shall use limited and identified set of users with maximum cap on users based on the requirement of the applicant duly approved by SEBI on case to case ba....
X X X X Extracts X X X X
X X X X Extracts X X X X
....the risks and contain the consequences of failure. 4. An applicant is eligible for Stage-II after completing minimum 90 days in the Regulatory Sandbox testing. 5. Stage- II Eligibility Criteria: The Stage-II criteria shall be as follows: 5.1. Adequate Progress: The applicant should demonstrate that they have achieved adequate progress and are on track with their testing plan. 5.2. Compliance to the objective of the Regulatory Sandbox: The applicant should provide justification that they are complying with the objective of the Regulatory Sandbox. 5.3. Reviews of the Risks observed during Stage-I testing: The applicant should submit the details of the risks observed during stage-I testing along with the steps taken to mitigate those risks. 5.4. Safeguards to mitigate potential risks: The applicant should provide the list of appropriate safeguards to manage the risks and contain the consequences of failure. 5.5. Users feedback: The applicant should present summary of the feedback received from the users participated during stage-I of the Regulatory Sandbox testing highlighting the adverse feedbacks and steps taken to address the same. 5.6. Deployment post-testi....
X X X X Extracts X X X X
X X X X Extracts X X X X
....BI shall review and approve the application and allot a registration number to the applicant with the validity of maximum of 12 months. 12. Once registration is allotted to the applicant, the application shall proceed towards the "Stage- I Testing Stage". The applicant shall disclose to its users that the solution shall operate in a sandbox and the potential key risks associated with the solution. The applicant is also required to obtain the users' positive consent that they have read and understood the risks before any transactions separately for both Stage-I and Stage-II. 13. During the Stage-I testing stage, the applicant shall take prior approval from SEBI to effect any material changes to the solution. 14. The applicant shall assign a contact person to coordinate with a designated officer of SEBI. 15. An applicant is eligible for Stage-II after completing minimum three (3) months in the Regulatory Sandbox testing. 16. If applicant wishes to apply for Stage-II, the applicant should submit the application as per Annexure-2 to SEBI. 17. The application shall be evaluated on the eligibility criteria mentioned for Stage-II. Applicants may be required to make a pre....
X X X X Extracts X X X X
X X X X Extracts X X X X
....1.13. Intent and feasibility to deploy the proposed Innovative solution post testing 22.1.14. The withdrawal strategy (in the event the tests are not successful) including for participating users 22.1.15. Any other factors considered relevant by SEBI 22.2. STAGE- II Evaluation Criteria: 22.2.1. Applicant has achieved adequate progress in stage -I testing 22.2.2. Review of the risks observed during stage -I testing 22.2.3. Review of the steps taken to mitigate the risks 22.2.4. Appropriate safeguards to manage the risks and contain the consequences of failure 22.2.5. User feedback during stage-I testing 22.2.6. Intent and feasibility to deploy the proposed Innovative solution post testing 22.2.7. The deployment and monitoring strategy post testing (in the event the tests are deemed successful) or the withdrawal strategy including for participating users (in the event the tests are not successful) REGULATORY EXEMPTIONS 23. To encourage innovation with minimal regulatory burden, SEBI shall consider exemptions/ relaxations, if any, which could be either in the form of a comprehensive exemption from certain regulatory requirements or selective exempti....
X X X X Extracts X X X X
X X X X Extracts X X X X
....identified above iv) Any other information relevant to SEBI. 31. The sandbox applicants must submit a final report containing the following information to SEBI within 30 calendar days from the expiry of the Stage-II testing period: i) Key outcomes, key performance indicators against agreed measures for the success or failure of the test and findings of the test ii) A full account of all incident reports and resolution of user complaints, if any iii) Key learnings from the test 32. The monthly and final reports must be confirmed by the Chief Executive Officer (CEO) of the applicant or officer duly authorized by the CEO or the compliance officer. 33. The sandbox applicant must ensure that proper records of the conducted tests are maintained for review by SEBI. Further, the applicant shall also maintain such records for a period of three (3) years from the date of completion of testing/ exit from the sandbox. OBLIGATIONS OF THE APPLICANT TOWARDS THE USER 34. The applicant shall ensure that before signing up, the user has read the full documentation provided by the applicant and confirm that he/she is aware of the risks of using the so....
X X X X Extracts X X X X
X X X X Extracts X X X X
....at regulatory changes are expected to enable the applicant to launch their solution in the live market post completion of the sandbox testing. 38.2. Withdrawal Strategy: The applicant shall provide withdrawal strategy which shall be applicable in the event the tests are not successful or applicant wants to discontinue the sandbox testing or SEBI revokes the approval to participate in the sandbox as per the" Revocation of the Approval" clause of this document. The withdrawal strategy shall include following: 38.2.1. Process of notification to the existing users regarding the termination of the sandbox testing and informing them on the necessary steps to be taken. 38.2.2. Settling/ transferring etc. of the current position of the existing users within 15 days of the initiation of the withdrawal strategy, as may be applicable. 38.2.3. Refund of any dues to the existing users within 15 days of the initiation of the withdrawal strategy. 39. At the end of the Stage-II testing period, the permission granted to the applicant as well as the legal and regulatory requirements relaxed by SEBI, shall expire. 40. Upon completion of testing, i) SEBI shall decide whether....
X X X X Extracts X X X X
X X X X Extracts X X X X
....vided by the applicant under the regulatory sandbox framework facilitates the following: i) Undermining of Know Your Customer (KYC) principles ii) Violation of users'/investors' privacy iii) Promotion/ facilitation of sale of fraudulent/illegal products or services iv) Promotion/ facilitation of mis-selling of products or services v) Violation of Anti-Money Laundering (AML) norms vi) Creation of risk to market integrity vii) Theft of intellectual property viii) Not in the interest of users/ investors or securities market 46. If SEBI proposes to revoke the approval granted to an applicant to participate in the sandbox, then SEBI shall: i. immediately suspend trials on new users i.e. not permitting new users to sign up for using/ testing the solution and give a notice to the applicant of the intention of SEBI to revoke the approval detailing the grounds for such an intention; ii. provide an opportunity to the applicant to respond to SEBI on the grounds for revocation; and iii. dispose of the notice through a speaking order. 47. Notwithstanding anything contained in paragraph 46 ab....
X X X X Extracts X X X X
X X X X Extracts X X X X
....oposed solution to be tested in the sandbox including but not limited to: a. Objective of the proposed Innovative solution or the statement of purpose • Key benefits to the users and markets • Business Model, including asset deployment and sources of revenue • Target users • Compliance obligations • Time period for testing • Compliance to the objective of the Regulatory Sandbox 3.2 Summary of the technical solution including but not limited to: • Technical architecture • Usage of Artificial Intelligence and Machine Learning, if any • Cyber resilience: VAPT results, if any • Certification from Common Criteria Recognition Arrangement (CCRA), if any • Business Continuity Plan, if any • Any other certifications, if any 3.3 With respect to the genuine need to test , please provide why testing in test environment with test data is not enough and it is required to test the solution on real users on live environment 3.4 Awareness of similar offering in other countries or for other than ....
X X X X Extracts X X X X
X X X X Extracts X X X X
....; 7. Relaxation of SEBI regulations and guidelines 7.1 Outline the list of rules, regulation, guidelines, circulars etc. of SEBI that, as per the applicant, may act as an impediment to the proposed Innovative solution, along with detailed rationale 7.2 Is SEBI to relax any specific regulatory requirements, for the duration of the sandbox? Please provide the details along with detailed rationale 7.3 In the event of a successful test and before exit from the sandbox, provide details on how SEBI's regulatory requirements shall be complied with. 7.4 The applicant needs to mention what regulatory changes are expected to enable the applicant to launch their solution in the live market post completion of the sandbox testing. Enclosures with Annexure- 1:- 1. Copy of Certificate of SEBI Registration. 2. Letter of undertaking that the applicant is not blacklisted or debarred by any Govt. department due to breach of general or specific instructions, corrupt or fraudulent or any other unethical business practices. 3. Letter of undertaking declaring that the applicant accept that in case of any viol....
X X X X Extracts X X X X
X X X X Extracts X X X X
.... Financial loss to the users • Cyber attack • AML and terrorism financing 4. Deployment post-testing 4.1 Describe how the regulatory requirements will be met post successful sandbox testing 4.2 Please provide a pan-India deployment strategy, post successful sandbox testing 4.3 Please provide a clear strategy to monitor the outcomes in the live scenario 4.4 Please provide withdrawal strategy if the deployed solution turns unviable and the tests are unsuccessful including action plan for participating users who had joined the sandbox Enclosures with Annexure- 2:- 1. Positive consent of users who would be participating in the sandbox testing as per the format prescribed in Annexure-4. REQUIREMENTS WHICH WILL NOT BE RELAXED AND WHICH MAY MERIT RELAXATION (FOR ILLUSTRATIVE PURPOSE) a. Requirements for which relaxation will not be considered i. Fit and proper criteria of applicant and partner ii. Principles of KYC of clients iii. Prevention of money laundering and countering the financing of terrorism iv.&n....