Go back to menu

Growing the sandbox

Australia's enhanced fintech regulatory sandbox

18 July 2019

After 10 months of operation, Australia's regulatory sandbox is entering a new phase. The sandbox provides a "lighter touch" regulatory environment to allow fintech businesses additional flexibility when they are still at the stage of testing their ideas. As flagged in its 2017-18 Budget, the Australian Government has released new draft legislation and regulations to create an enhanced regulatory sandbox to support innovation in financial services.

Key issues 
  • The Australian government released new draft legislation and regulations to enhance ASIC's regulatory sandbox for fintech start-ups. 
  •  An eligible fintech company only needs to notify ASIC of its intention to offer products and services within the sandbox rules. 
  •  ASIC's new conditional exemption powers are the most significant part of the proposed reforms. 
  • The reforms would also broaden the types of products that may be tested in the sandbox. 

The first iteration of the sandbox was revealed by the Australian Securities and Investments Commission (ASIC) in December 2016. The sandbox is unique, an eligible fintech company only needs to notify ASIC of its intention to offer products and services within the sandbox rules. No further approvals from ASIC or other regulators are required and spaces are not limited, in contrast to other regulators’ competitive models. 

While an exciting development in Australia, the timing of the release and the relatively restrictive parameters of the sandbox to date has resulted in limited participation. By June 2017, only one startup had utilised the sandbox and as a result ASIC in that month released a consultation paper on further measures to improve the sandbox which appears to have informed the draft legislation. Hopefully the proposed changes will increase the attractiveness of the available exemptions. 


For a fintech company to use the sandbox they: 

  • must not be banned from providing financial services and must not already hold an Australian financial services licence (AFSL) or Australian credit licence (ACL); 
  • must hold adequate public interest insurance and has implemented the required dispute resolution mechanisms; and may advise or distribute the following kinds of products (each with certain monetary limits): 
    • deposit products; 
    • payment products if issued by an authorised deposit-taking institution (ADI) (including non-cash payment facilities);
    • general insurance products (initially limited to certain kinds of general insurance);
    • liquid investments for listed Australian securities or simple schemes; and
    • consumer credit contracts with certain features. 

Business are still limited to 100 retail clients (if providing financial services) or consumers (if providing credit) with no limits on the number of sophisticated clients and a total exposure limit across all clients of AUD 5 million. 


The key changes proposed are: 

  • extending the exemption period from 12 months to 24 months; 
  •  amending regulations to enable ASIC to grant conditional exemptions to AFSL or ACL requirements for the purpose of testing financial and credit services and products; 
  • empowering ASIC to make decisions regarding how the exemption starts and ceases to apply; 
  •  broadening the categories of products and services that may be tested in the sandbox; and 
  •  imposing additional safeguards (see further details below). 

ASIC's new conditional exemption powers are the most significant part of the proposed reforms. Currently regulations only provide for unconditional exemptions from AFSL and ACL requirements. The reforms also allow ASIC to effectively control how exemptions are granted and cease by granting the regulator decision-making powers. 


The reforms would also broaden the types of products that may be tested in the sandbox and loosen the monetary thresholds for some products, i.e. for general insurance products from $50,000 to $85,000 may be tested in the sandbox. New products include: 

  • life insurance products issued by a life insurer authorised by the Australian Prudential Regulation Authority (APRA); 
  • superannuation products issued by an APRA regulated superannuation fund; 
  • listed international securities (expanded from only listed Australian securities); and 
  • crowd-sourced funding activities within the new regime which came into effect on 28 September 2017.

The proposed regulations impose additional conditions for use of the sandbox exemption. They require fintech companies to clearly notify clients that they are using the exemption, are not an AFSL or ACL holder and that some of the normal protections that would be associated with receiving financial services or credit services will not apply. 

These apply to both sophisticated and retail clients. For retail clients there are additional notifications required including information about a provider's remuneration, associations and relationships with issuers of products and the dispute resolution mechanisms available to clients. 

At the same time certain baseline obligations continue to apply. For financial services these include obligations to act in a client's best interests, obligations on handling client money and on preparing statements of advice where personal advice is provided. For credit contracts these include responsible lending obligations, special rules for short-term contracts, limitations on fees and charges and unfair contract term rules. 

Breaching these obligations may form the basis for ASIC cancelling a person's exemption. In addition, ASIC may cancel an exemption where they reasonably believe a person is not of good fame or character, or believes such cancellation is necessary given a person's failure to act fairly, efficiently or honestly. 


Consultation on the package of reforms is in two stages: consultation on the exposure draft legislation ends on 3 November 2017 (which, unfortunately, is short like other recent consultations) and consultation on the exposure draft regulations ends on 1 December 2017. The new regulations will commence three months after they are registered (following passage of new legislation). 

Accordingly, the expanded sandbox will likely only come into effect in early to mid 2018. Watch this space as ASIC and the Australian Government continue their efforts to support fintech in Australia.

Use download button to see attached PDF version for regulatory sandbox comparison table – AUSTRALIA, HONG KONG AND SINGAPORE