Arizona’s Fintech Sandbox

Last month Arizona became the first U.S. state to enact a law allowing for the establishment of a fintech regulatory sandbox program (H.B. 2434) to facilitate the growth of innovative financial products and services. The Arizona law charges the Attorney General to “establish a regulatory sandbox program” which would, in general, require a person to file an application and register to be in the sandbox, but would relieve the person from the state’s licensing requirements. In this way, innovators in financial services will have the opportunity to offer their products with a minimum of regulation, subject to meeting the other requirements of the law. Other states could soon follow Arizona’s lead; similar legislation has been introduced in Illinois and elsewhere. Federal regulators have also considered various approaches to encourage financial innovation.

What is a Fintech Regulatory Sandbox?

Fintech regulatory sandboxes are designed to be alternative regulatory mechanisms to facilitate the development or testing of innovative financial technology solutions, while still affording adequate consumer protection. Typically, existing regulatory requirements are adjusted to provide companies the opportunity to offer and test new products and services in a live environment, for a trial period, without the usual licensing process.

Regulatory sandboxes specifically for fintech are trending worldwide, with the first sandbox being implemented in the United Kingdom in 2015. The concept has spread widely, including to Australia, Canada, Russia, Switzerland and a number of countries in Asia and the Middle East.

The details of each regulatory sandbox vary depending on local concerns and interests, but all allow fintech organizations to test innovative products in a live environment with minimal licensing and other legal requirements.

While consumer advocacy groups have expressed concerns that customers could be at risk under such schemes for predatory or failed fintech products, the concept has proved successful in many countries. Local governments look to such programs as a way to attract and support fintech innovators in order to develop their local fintech ecosystems.

Arizona’s New Fintech Sandbox

The Arizona “regulatory sandbox program” gives relief from state licensure to persons who offer “innovative financial products or services.” “Financial product or service” for this purpose means “a product or service that requires licensure under [laws governing banks and financial institutions (including, among others, money transmitters, consumer lenders, debt management companies, mortgage brokers and deferred presentment companies), sales finance companies, and investment advisers] or a product or service that includes a business model, delivery mechanism, or element that may otherwise require a license or other authorization to act as a financial institution or enterprise or other entity that is regulated by [laws governing banks and financial institutions (including, among others, money transmitters, consumer lenders, debt management companies, mortgage brokers and deferred presentment companies), sales finance companies, and investment advisers].” “Innovative financial product or service” simply means a “financial product or service that includes an innovation.”

The most pivotal definition in the law is thus the definition of “innovation”: “innovation” under the Arizona law means:

the use or incorporation of new or emerging technology or the reimagination of uses for existing technology to address a problem, provide a benefit or otherwise offer a product, service, business model or delivery mechanism that is not known by the Attorney General to have a comparable widespread offering in this state.

The interpretation of these terms by the Attorney General will be essential to understanding the scope of the available relief, and presumably the best evidence of their interpretation will be the types of applications granted. The challenge of keeping regulation abreast of innovation is encapsulated in the effort to craft a broad definition of “innovation” itself. For example, the definition includes “business models” as a qualifying type of “innovation.” If the “business model” provides an alternative means to finance a product or service that in itself is similar to existing products or services, how can an applicant make the required showing that their product or service is somehow “different from other products or services available in th[e] state” as required elsewhere in the Arizona law? The business model or “delivery mechanism” may enable products or services to be offered faster, cheaper, or more conveniently – but financial products and services generally share many common features. If the policy intent is to foster innovation, to the extent consistent with consumer protection, we would hope the Attorney General will take a broad view in granting applications.

Other key provisions of Arizona’s fintech sandbox program include the following:

  • The program will open for applications in late July 2018 and run until July 2028.
  • The program will be administered by the state’s Attorney General’s Office.
  • The program will be open to companies with products that would normally require licensing from Arizona’s Department of Financial Institutions, such as money transmitters, consumer lenders, debt management companies, mortgage brokers and deferred presentment companies.
  • Applicants must submit a plan to monitor and test their product, as well as to protect consumers. The test period is 2 years with the possibility for a 1 year extension.
  • Applicants must include information on the benefits and risks to consumers of using their product and how the innovation is different from other products or services available in this state.
  • The law limits the number of users of a product or service to 10,000 Arizona residents unless the company can show it has the capitalization and risk management capacity to handle up to 17,500 users.
  • Consumer loan transactions are limited to a maximum value of $15,000 for individual loans and a total of $50,000 in aggregate loans per consumer.
  • Money transmission products or services are limited to a maximum value of $2,500 per transaction and no more than $25,000 in aggregate transactions per consumer. These amounts can be increased to $15,000 per transaction and up to $50,000 in total if the company demonstrates adequate capitalization and risk management.
  • Participants must comply with all other Arizona laws, including consumer fraud and any other state laws applicable to financial products or services as determined by the Attorney General.
  • Participants must provide specific disclosures to consumers before providing their product.
  • Participants are not exempt from compliance with federal consumer financial services laws, but are “deemed to possess an appropriate license under the laws of this state for purposes of any provision of federal law requiring state licensure or authorization.” In other words, the provisions of 18 U.S.C. § 1960 making it a federal crime to operate without a required state money transmitter license are deemed satisfied, at least according to the terms of the Arizona law.
  • The law authorizes the Attorney General to enter into agreements with state, federal, or foreign regulators to allow entities authorized to operate in sandboxes in other jurisdictions to be recognized as sandbox participants in Arizona.

Concerns with Implementing Arizona’s Sandbox

Consumer protection groups have expressed concerns about Arizona’s regulatory sandbox, noting that the sandbox may be too lightly regulated which could lead to predatory lending practices. Sandboxes are intended to allow a quicker response to a rapidly-changing industry, but regulators should still be able to protect consumers from harmful practices. Other concerns focus on why the program is being administered by the Arizona Attorney General instead of the state’s financial services regulator, noting that when the Attorney General changes, implementation of the program could change. Advocates for the sandbox point out that it has been structured to address these issues. Illinois’ Proposed Fintech Sandbox The Illinois General Assembly is also currently considering a bill (H.B. 5139) that would create a fintech sandbox program. If passed, the Illinois law would go into effect on January 1, 2019. The Illinois bill differs from the Arizona law in a few material respects:

  • The Illinois Secretary of Financial and Professional Regulation would administer the program, not the Attorney General.
  • Companies would have a 12-month test period subject to a maximum 6-month extension – 18 months shorter than the maximum Arizona test period.
  • No more than 5,000 Illinois consumers could use the innovative product, significantly fewer than the 17,500 users allowed in some cases under the Arizona law.
  • The Illinois bill does not impose transaction limits during the test period, unlike the Arizona law.

Although the Illinois Governor has endorsed the bill, the Illinois Attorney General has publicly criticized it, citing consumer protection concerns. The Illinois Secretary of Financial and Professional Regulation has indicated he believes these concerns may be overstated.

Similar to the Arizona law, the Illinois bill has also faced criticism from consumer protection groups who raise the same concerns as those raised in Arizona.

Fintech Regulation in the US - Federal vs. State

One question looming over the effectiveness of state sandboxes is whether federal action should be taken to protect participants authorized to operate in the state sandboxes, including limiting the ability of federal regulators to take action against those participants. A waiver from the federal government could help states implement sandboxes. For example, the Consumer Financial Protection Bureau could defer enforcement against a person that is authorized to operate in a state sandbox. The CFPB’s “no action letter” policy offers a means to seek individual relief from enforcement, but the requirements for such letters are so restrictive and the relief so limited that only a single letter has been issued to date. (You can find our prior post about the “no action letter” policy here.)

Fintech regulatory sandboxes are intended to reduce regulatory barriers and costs in order to encourage companies to test their products in the United States. Arizona views its approach as a model for other states to follow. Arizona’s legislation includes a “passporting” provision, something currently available under European Union law as between Member States, which would allow a participant in Arizona’s sandbox to operate in other jurisdictions with similar programs (and likewise allow a participant in another state’s sandbox to enter into Arizona’s regulatory sandbox program). Such an approach would only be effective, however, once a number of states have established regulatory sandboxes. In addition, critics of the state sandbox approach point out that different regulatory approaches to sandboxes in different states, and even differently focused goals of each state sandbox, could make it difficult for that type of inter-jurisdictional approach to sandboxes to work. Current regulatory inconsistencies between states may otherwise be exacerbated by sandboxes.

Other federal regulators such as the SEC and CFTC have been considering the concept of federal sandboxes but have been doing so very slowly. The OCC’s proposed fintech bank charter has also been stalled, although the OCC has recently indicated we should expect further information about the charter in the next few months. (You can find our ongoing analysis of the OCC’s proposed fintech bank charter here.) In other countries, unitary national financial regulators are the entities overseeing those countries’ sandboxes (the FCA in the UK and the MAS in Singapore). Advocates of fintech regulatory sandboxes hope Arizona’s program will spur federal regulators into action, especially since the growth of state sandboxes could further fragment financial services regulation in the United States.