In light of the ever-increasing consumer appetite for payment solutions and emerging disruptive technology in the financial services space, the Central Bank of Nigeria (CBN) has been compelled to explore new and more flexible ways of engaging with the industry. And one of the options being considered is Sandbox Operations with the Exposure Draft Framework for Regulatory Sandbox Operations.

What is a Sandbox?

In the context of software and web development, a sandbox is is an isolated testing environment that enables users to run programs or execute files without affecting the application, system or platform on which they run. Software developers use sandboxes to test new programming code and cybersecurity professionals use sandboxes to test potentially malicious software. Without sandboxing, an application or other system process could have unlimited access to all the user data and system resources on a network.[1]

Consequently, a regulatory sandbox enables financial institutions and FinTech players to experiment with innovative financial products or services in a live environment but within a well-defined controlled environment under a regulator’s supervision.

Sandbox Cohorts

A Sandbox Cohort is a group of innovators that have been allowed into a Regulatory Sandbox at the same time for the same period. Typically, a cohort is made up of a predetermined number of innovators and the type of innovators to be accepted into a cohort is determined by the Regulatory Sandbox’s eligibility criteria and strategic objectives. Under the Framework, there will be one cohort per year which will be named after the year in which the cohort was accepted. It is important to note that the number of innovators to be accepted into a cohort is a function of the CBN’s capacity to support the innovators.

The Draft Framework for Regulatory Sandbox Operations (Framework)

The Framework is being introduced by the CBN to create a formal process for firms to conduct live tests of new, innovative products, services, delivery channels, or business models in a controlled environment, with regulatory oversight, subject to appropriate conditions and safeguards. According to the CBN, this would assist the Bank with being abreast of innovations in the payment systems space without compromising its responsibility for the safety, reliability and efficiency of payment systems.

Therefore, the purpose of the Framework is to establish the Sandbox and clearly define the, rules and regulations for the operation of a Sandbox for the Nigerian payments system to promote effective competition, embrace new technology, encourage financial inclusion and improve customer experience.

Objectives of the Framework

The objectives of the Framework are as follows:

  1. To increase the potential for innovative business models that advance financial inclusion;
  2. To reduce time-to-market for innovative products, services, and business models;
  3. To increase competition, widen consumers’ choice and lower costs;
  4. To ensure appropriate consumer protection safeguards in innovative products;
  5. To clearly define the roles and responsibilities of stakeholders and the operations of the Sandbox for the Nigerian payments system industry;
  6. To ensure adequate regulations for the creation of an enabling environment for innovation without compromising on the safety of consumers and the overall payments system; and
  7. To provide an avenue for regulatory engagement with FinTech firms in the payment space, while contributing to economic growth.

Scope of the Framework

The Framework provides standards for the operations of a Regulatory Sandbox, and prescribes the processes and procedures for analysing, collecting, updating, integrating, and storing consumer data and information. It is important to note that the Regulatory Sandbox cannot be adopted to circumvent existing laws and regulations and is therefore not appropriate for a proposed product, service or solution that is already appropriately addressed under prevailing laws and regulations. Indeed, products already rejected by the regulators or the Federal Government of Nigeria would not qualify for sandbox trials.

Eligibility Criteria for Regulatory Sandbox Participation

The Sandbox application process is open to both financial institutions with FinTech initiatives and other companies which may include financial sector companies as well as technology and telecom companies intending to test an innovative payments product. Innovators whose proposed solution involves technologies which are currently not covered under existing CBN regulations can also apply.

The eligibility criteria for applicants is as follows: 

  1. The product, service or solution must be innovative and have clear potential(s) to:
  2. improve accessibility, customer choices, efficiency, security, and quality in the provision of financial services; or
  3. enhance the efficiency and effectiveness of Nigerian financial institutions’ management of risks
  4. address gaps in or open up new opportunities for financial benefits or investments in the Nigerian economy; or
  5. The applicant must have conducted an adequate and appropriate assessment to demonstrate the usefulness and functionality of the product, service or solution and identified the associated risks which should be devoid of adverse effect to existing structures and consumer experience;
  6. The applicant has the necessary resources to support testing in the sandbox such as the resources and expertise to mitigate and control potential risks and losses arising from providing the product, service or solution;
  7. The applicant should have a realistic business plan to deploy the product, service, or solution on a commercial scale in Nigeria after exit from the sandbox.

Having regard to the risks inherent in participation in the Regulatory Sandbox, applicants are required to propose appropriate safeguards to address these risks. In assessing the risks and evaluating the proposed safeguards, the CBN will consider the following:

  1. preservation of sound financial and business practices consistent with monetary and financial stability;
  2. promotion of the fair treatment of consumers;
  3. compliance with Anti-Money Laundering (AML) regulations;
  4. protecting the confidentiality of customer information;
  5. promotion of the safety, reliability and efficiency of payment systems and payment instruments;
  6. encouragement of healthy competition for financial products and services.

Operational Requirements of the Regulatory Sandbox

The CBN’s operational requirements for participation in the Regulatory Sandbox would be divided into the following phases:

  1. Filing
  2. Reporting while in the Regulatory Sandbox
  3. Exit conditions and approval for expiration, and/or
  4. Evaluation and Review of an approval

Responsibilities of the CBN and Participants in the Regulatory Sandbox

Under the Framework, the CBN is responsible for:

  1. issuance and periodic review of the Framework for Regulatory Sandbox Operations
  2. ensuring that the objectives of the Regulatory Sandbox are fully achieved; and
  3. providing regulatory oversight on the Regulatory Sandbox participants’ operations and systems.

Under the Framework, participants in the Regulatory Sandbox must:

  1. monitor and supervise their operations and the activities of their staff.
  2. monitor effective compliance with set limits and establish other prudential measures; and
  3. take all other measures to ensure that it operates strictly within the requirements of the Framework.

Customer Safeguards for a Regulatory Sandbox

As part of the evaluation phase of the operational requirements, the CBN and the Innovator must agree on the safeguards that would mitigate the risks consumers may be exposed to as a result of participating in the testing exercise. Whilst the measures are typically bespoke to each test, the risk mitigation measure deployed would depend on the nature of the risks identified and be proportionate to the impact and probability of the risks occurring or causing consumers any disadvantage.

While the list is inexhaustive, some of the measures typically deployed as customer safeguards are as follows:

  1. limitations on the number and type of customer(s)/clients that will participate in the test.
  2. limitations on the type and size of transactions.
  3. providing adequate disclosure of the potential risks to customers participating in the Regulatory Sandbox and confirmation from such customers that they fully understand and accept the attendant risks;
  4. Limiting the duration of the testing period to a maximum of six (6) months on a cohort basis, or promptly asking for an extension when needed;
  5. providing a consumer redress mechanism, including the possibility for financial compensation for Regulatory Sandbox participants whose data are compromised in a test under clearly specified circumstances
  6. conducting system penetration simulations; and
  7. obtaining the consumers’ prior written consent to participate in the test.


The ever-increasing demand by consumers for technology-based solutions in the financial sector has triggered the introduction of diverse technological innovations in the global financial service space. This has brought to fore the need for specific regulatory frameworks to supervise the introduction of these new technologies and minimise the disparity the innovations introduced. With proper implementation, it is expected that the Framework will to a reasonable extent assist the CBN to achieve a more organised and monitored introduction of FinTech innovations into the country’s financial industry.

The information and opinions in this publication are provided for general information only. They are not intended to constitute legal or other professional advice. If you would like additional information, please contact the author at o.an[email protected]

© All Rights Reserved. Sefton Fross is a leading full-service law firm in Nigeria internationally recognised for its expertise in corporate, commercial and mergers and acquisitions.

Leave a Comment

Your email address will not be published.