Rechtsanwaltsanwärter bei Haslinger / Nagele im Team M&A und Gesellschaftsrecht
The “Regulatory Sandbox” – an Austrian attempt to support FinTechs
The rising importance of FinTechs1 in the rapid evolution of the financial sector leads stakeholders to increasingly seek ways to „step out into the dark“ without the risk of repetitious failure. To meet this demand the first regulatory sandbox2 was launched in 2015 in the UK, allowing the testing of new financial products, technologies and business models in a rather safe environment.3
Remembering the “real” sandboxes used as a toddler, it seems logical to transfer the idea of a risk-minimized space, open to creative but fragile solutions, to a rapidly changing but strictly regulated business sector. Groundbreaking developments are usually subject to a period of trial and error. However, the finanical sector being a tightly regulated one, it is difficult, especially for start ups, to avoid the risks of regulatory misconduct and still be innovative. Regulatory sandboxes are intended to solve this problem through regulated cooperation with supervisory authorities.
2. The First Step – FMA’s FinTech Point of Contact
Austria’s first approach to a supervisory guided playground of innovation regarding financial products, technologies and business models was the FinTech Point of Contact (“Kontaktstelle FinTech”). 4 Established in 2016 and operationally based at the Austrian Financial Market Authority (“FMA”) it allows FinTechs “…to clarify issues relating to regulation and supervision about their business model with the FMA in a simple and straightforward manner.” In contrast to regulatory sandboxes the FMA’s FinTech Point of Contact only provides regulatory feedback to precisely described business models; any further support or the execution of practical tests is not offered.
Though the next step of Austrian FinTech-support – already prepared by the Ministry of Finance by April 20195 – was delayed by the Ibiza affair, it can be assumed that the regulatory sandbox will soon be incorporated into Austrian law. This was reaffirmed in the new government programme presented in January 2020.6
The fact that early clarification of regulatory issues in the FinTech sector is in demand is also shown by the increasing number of enquiries to the FMA’s FinTech Point of Contact, which already registered 123 enquiries in 2018, 26 more than in the previous year.7
3. The Second Step – draft law for the Austrian „Regulatory Sandbox“
3.1 Main point of the legal framework
The draft of § 23a 8 of the Austrian Financial Market Authority Act (Finzmarktaufsichtsbehördengesetz – “FMABG”9) lays the foundation for the Austrian type of the regulatory sandbox. It stipulates that companies (meaning “natural or legal persons or associations of such persons engaged in or planning to engage in business activities “Participants”10) have to file a request to the FMA in order to get access to the regulatory sandbox. Therefore certain requirements have to be met, which be outlined below:
The sandbox business model (“Sandboxgeschäftsmodell”) must be based on information and communication technology (“Informations- und Kommunikationstechnologie”) for which a licence pursuant to “ 2 paras 1 to 4 FMABG has already been granted, or could at least possibly be granted (§ 23a para. 2 no.1 FMABG). Furthermore, the execution of the sandbox business model must be in the economic interest of the (Austrian) financial sector, especiall because of its increased innovation value (§ 23a para. 2 no.2 FMABG). Important preconditions are that the business model is already test-ready and that the admission to the sandbox can accelerate the marketability (§ 23a para. 2 no.3 to 4 FMABG). These restrictions lead to the exclusion of potential business models that are only in an early development phase. Of course, this can be justified by the fact that the authority obviously does not want to be inundated with unsophisticated requests.
The complete application is reviewed by the regulatory sandbox advisory board (also newly established and based at the Federal Ministry of Finance), which will render an opinion on it. Subsequently, the FMA will decide whether the applicant is to be admitted to the sandbox (§ 23a para. 3 FMABG).
FinTechs can participate in the sandbox for up to two years. During this time, participants shall be able to test the business model under market conditions. These tests should be carried out in accordance with testing conditions (“Testbedingungen“) agreed upon with the participants.
3.2 Critical review of the draft law
Although the draft legislation proposes good first steps towards a UK-style regulatory sandbox, there is room for improvement in some areas. Below are some thoughts on particularly sensitive points.
Firstly, with only EUR 500,000.00 the funds provided for the regulatory sandbox according to § 23a para. 8 FMABG are very limited. As a consequence, presumably only up to 5 FinTechs can participate simultaneously.11 Taking into account the before mentioned increasing number of enquiries to the FMA’s FinTech Point of Contact, this will likely result in a massive underfunding in relation to the demand.
3.2.2 Admission requirements
Much will depend on how the FMA interprets the legislation on practical applicability. A critical point in this respect is the level of the hurdle for admission to the sandbox. Above all, the interpretation with regard to the determination of test readiness (“Testreife”) pursuant to section 23 para. 2 no. 3 FMABG will decide on the success or failure of the sandbox. Especially in the early stages of developing an innovative business model, FinTechs would need regulatory support to remove stumbling blocks and see whether they are on course. In any case, the criteria of test readiness must not exclude the possibility that further development is necessary. Also, the technical requirements should not be considered in too much detail, what still seems to be a fundamental obstacle today can be solved within a few days/weeks, especially in this highly innovative sector. The approach of Caramanica/Raschner, according to which financial feasibility is to be considered first and foremost when assessing the willingness to test12, is here quite something to be gained, although even from this point of view changes can occur quickly, making a different assessment necessary.
According to the explanatory notes to the draft law, it should also be a condition that the business model must not have a negative impact on the stability of the financial markets. However, since the models developed by FinTechs usually have a disruptive effect on the „old“ business, it is important that this requirement is not interpreted too narrowly either. Many exceptionally innovative ideas would otherwise have to be excluded from participation.
An evaluation procedure has not been specifically regulated by law. However, as can be seen from the sandboxes already implemented in other European countries13, this phase is extremely valuable for both the participants and the supervisory authority. In this process, problematic areas can be identified and can subsequently lead to adjustments in regulatory practice or even to changes in the legal regulations.
4. Comparison with other jurisdictions (Germany / The Netherlands)
4.1 Germany – „No practice“
Unknown to many, the FinTech-Start-up unicorn N2614 was founded by two Austrians. However it did get big in Vienna, then in Berlin, to where it moved its headquarter shortly after take-off. While a few years ago the infrastructure, international inclusion and legislation seemed to be more attractive in Germany it seems that the Regulatory Sandbox could be a thing where Austria is (exceptionally) one step ahead. There are no plans to establish a regulatory sandbox for FinTechs in Germany, nor are there any plans to do so in the (near) future, as was recently confirmed again by the German government.15 However, the fact that the establishment of a regulatory sandbox would also be possible and appropriate under German law is a matter of ongoing debate.16
4.2 UK – „Best Practice“
The UK Model of a regulatory sandbox was established in 2015, allowing “businesses to test innovative propositions in the market, with real consumers.”17, according to the FCA itself. Operational implementation started in 2016 with 24 businesses accepted to participate in the regulatory sandbox and 18 businesses actually testing (“cohort 1”), selected from 69 applications. 18 By 2019 the testing businesses have steadily increased to a number of 29 (“cohort 5”).19
To implement the regulatory sandbox as effectively as possible, various tools are used, including the waiver or modification of rules for the purpose of the test. A particularly noteworthy tool are the so-called „no enforcement action letters“, which protect the participants from regulatory sanctions in the event of unexpected problems and thus hedge part of the risk.20 Another useful measure is the continual evaluation of the programme.21
76 percent of cohort-1-businesses were still active around two years after acceptance, compared to only 56% of those which have been rejected.22 These figures alone show how effective the British model is.
Austria is jumping on the (European) bandwagon23 of setting up a regulatory sandbox and has taken a good first step with the draft law presented. Although there is still a lot of potential for improvement in the legal framework itself, the impact of the programme will depend primarily on its implementation by the FMA. In this respect, it is encouraging that the FMA has added the regulatory sandbox to its annually published focus on supervision and auditing (“Fakten, Trends und Strategien 2020”).24
The FMA is recommended to take up the work of the regulatory sandbox in lose coordination with its FCA colleagues in order to achieve the best possible results. This could result in great innovative opportunities for the Austrian financial market and serve as a benchmark for other countries.
1 According to ESA, FinTech: Regulatory sandboxes and innovation hubs (JC 2018 74), „FinTech“ is defined as „technologically enabled financial innovation that could result in new business models, applications, processes or products with an associated material effect on financial markets and institutions and the provision of financial services“ 3;
2 According to the UN Secretary General’s Roadmap for Financing the 2030 Agenda for Sustainable Development, a „regulatory sandbox“ is defined as a “‘safe space’ in which businesses can test innovative products, services, business models and delivery mechanisms without immediately incurring all the normal regulatory consequences of engaging in the activity in question“ 53;
3 UNSGSA, Briefing on Regulatory Sandboxes (2017) 1; FCA, Regulatory sandbox (retrieved at 08.03.2020 from https://www.fca.org.uk/firms/innovation/regulatory-sandbox);
4 see FMA’s FinTech Point of Contact (retrieved at 08.03.2020 from https://www.fma.gv.at/en/cross-sectoraltopics/
5 ME Finanzmarktaufsichtsbehördengesetz, Änderung, 142/ME 26. GP;
6 Regierungsprogramm 2020 – 2024 „Aus Verantwortung für Österreich“ pp 73 and 89;
7 FMA, FinTech Point of Contact Annual Report 2018 p 3;
8 142/ME 26. GP;
9 See an English transaltion of the FMABG at https://www.fma.gv.at/en/national/supervisory-laws/ ;
10 142/ME XXVI GP Erläut 4 (explanatory notes p 4);
11 142/ME 26. GP Erläut 5 (explanatory notes p 5);
12 Caramanica/Raschner, Zur Errichtung einer Regulatory Sandbox für FinTechs im österreichischen und europäischen Aufsichtsrecht, wbl 2019, 492;
13 ESA FinTech report pp 28 ff; FCA, Regulatory sandbox lessons learned report, (October 2017) (retrieved at 15.03.2020 from https://www.fca.org.uk/publication/research-and-data/regulatory-sandbox-lessonslearned- report.pdf) ;
15 Antwort der Bundesregierung, Drucksache 19/14527;
16 Krimphove/Rohwetter, Regulatory Sandbox – Sandkastenspiele auch für Deutschland?, BKR 2018, 494;
17 FCA, Regulatory sandbox, (retrieved at 15.03.2020, from
18 FCA, Regulatory sandbox – cohort 1, (retrieved at 15.03.2020, from
19 FCA, Regulatory sandbox – cohort 5, (retrieved at 15.03.2020, from
20 FCA, Sandbox tools, (retrieved at 15.03.2020, from https://www.fca.org.uk/firms/innovation/regulatorysandbox-
21 FCA, Regulatory sandbox lessons learned report, (October 2017), (retrieved at 15.03.2020 from
22 FCA, The Impact and Effectiveness of Innovate, April 2019, (retrieved at 15.03.2020, from https://www.fca.org.uk/publication/research/the-impact-and-effectiveness-of-innovate.pdf);
23 See also Möslein/Omlor, Die europäische Agenda für innovative Finanztechnologien (FinTech), BKR 2018, 236;
24 FMA, Fakten Trends und Strategien 2020, p 11; see also Damm, FMA: Aufsichts- und Prüfschwerpunkte 2020, ÖBA 2020, 88;
Antwort der Bundesregierung auf die Kleine Anfrage der Abgeordneten Frank Schäffler ua, (13.11.2019), Drucksache 19/14527 (retrieved at 09.03.2020 from http://dip21.bundestag.de/dip21/btd/19/151/1915103.pdf)
Caramanica/Raschner, Zur Errichtung einer Regulatory Sandbox für FinTechs im österreichischen und europäischen Aufsichtsrecht, wbl 2019, 492
Damm, FMA: Aufsichts- und Prüfungsschwerpunkte 2020, ÖBA 2020, 88
Dax/Hopf, Abkürzungs- und Zitierregeln der österreichischen Rechtssprache und europarechtlicher Rechtsquellen8 (2019)
Die neue Volkspartei/Die Grünen – Die Grüne Alternative, Regierungsprogramm 2020 – 2024 „Aus Verantwortung für Österreich.“ (2020), (retrieved at 08.03.2020 from https://www.dieneuevolkspartei.at/Download/Regierungsprogramm_2020.pdf)
ESA (ESMA/EMA/EIOPA), FinTech: Regulatory sandboxes and innovation hubs, (JC 2018 74, 07.01.2019), (retrieved at 08.03.2020 from https://www.esma.europa.eu/sites/default/files/library/jc_2018_74_joint_report_on_regulatory_sandboxes_and_innovation_hubs.pdf)
Erläuterungen zum Ministerialentwurf (ministerial draft) betreffend Bundesgesetz, mit dem das Finanzmarktaufsichtsbehördengesetz geändert wird (retrieved at 08.03.2020 from https://www.parlament.gv.at/PAKT/VHG/XXVI/ME/ME_00142/index.shtml)
FCA, Regulatory sandbox, (01.01.2020), (retrieved at 08.03.2020 from https://www.fca.org.uk/firms/innovation/regulatory-sandbox)
FCA, Regulatory sandbox – lessons learned report, (October 2017), (retrieved at 03. 15.2020 from https://www.fca.org.uk/publication/research-and-data/regulatory-sandbox-lessonslearned-report.pdf)
FCA, The Impact and Effectiveness of Innovate, (April 2019), (retrieved at 15.03.2020 from https://www.fca.org.uk/publication/research/the-impact-and-effectiveness-ofinnovate.pdf)
FCA, Regulatory sandbox – cohort 1, (retrieved at 15.03.2020 from https://www.fca.org.uk/firms/regulatory-sandbox/cohort-1)
FCA, Regulatory sandbox – cohort 5, (retrieved at 15.03.2020 from https://www.fca.org.uk/firms/regulatory-sandbox/cohort-5)
FCA, Sandbox tools, (retrieved at 15.03.2020 from https://www.fca.org.uk/firms/innovation/regulatory-sandbox-tools)
Finanzmarktaufsichtsbehördengesetz (Financial Market Authority Act), (english translation: retrieved at 08.03.2020 from https://www.fma.gv.at/en/national/supervisory-laws/)
FMA, Fakten, Trends und Strategien 2020, (December 2019), (retrieved at 15.03.2020 from https://www.fma.gv.at/fakten-trends-und-strategien-2020/)
FMA, FinTech Navigator (retrieved at 08.03.2020 from https://www.fma.gv.at/en/crosssectoral-topics/fintech-navigator/)
FMA, Kontaktstelle FinTech Jahresbericht 2018 (Annual Report 2018 of the FinTech Point of Contact), (2019), (retrieved at 08.03.2020 from https://www.fma.gv.at/en/cross-sectoraltopics/fintech-navigator/)
Krimphove/Rohwetter, Regulatory Sandbox – Sandkastenspiele auch für Deutschland?, BKR 2018, 494
Ministerialentwurf (ministerial draft) betreffend Bundesgesetz, mit dem das Finanzmarktaufsichtsbehördengesetz geändert wird (retrieved at 08.03.2020 from https://www.parlament.gv.at/PAKT/VHG/XXVI/ME/ME_00142/index.shtml)
Möslein/Omlor, Die europäische Agenda für innovative Finanztechnologien (FinTech), BKR 2018, 236
UN Secretary-General, Roadmap for Financing the 2030 Agenda for Sustainable Development, (2019), (retrieved at 08.03.2020 from https://www.un.org/sustainabledevelopment/sg-finance-strategy/)
UNSGSA, Briefing on Regulatory Sandboxes, (2017), (retrieved at 07.03.2020 from https://www.unsgsa.org/files/1915/3141/8033/Sandbox.pdf)