Glossary

Regulatory Sandbox

A regulatory sandbox is a controlled environment where fintech and crypto companies can test new products under relaxed regulatory oversight.

Key Takeaways

  • A regulatory sandbox lets fintech and crypto companies test innovative products in a controlled environment with temporary exemptions from full regulatory requirements, reducing time-to-market while protecting consumers.
  • Major sandbox programs include the UK FCA (launched 2016, nearly 200 firms tested), Singapore MAS, Abu Dhabi ADGM, and US state-level programs in Arizona and Wyoming. These frameworks shape how money transmitter and e-money license requirements apply to new entrants.
  • Stablecoin issuers increasingly use sandboxes to test products before full compliance: the UK FCA launched a dedicated stablecoins cohort in late 2025, and the GENIUS Act mirrors sandbox graduation logic with its $10 billion threshold for federal oversight.

What Is a Regulatory Sandbox?

A regulatory sandbox is a framework established by a financial regulator that allows companies to test innovative products, services, or business models in a live market environment with real customers, while operating under relaxed or modified regulatory requirements for a defined period. The concept originated in the United Kingdom in 2015, when the Financial Conduct Authority (FCA) proposed it as part of a broader initiative to encourage financial innovation.

The core idea is straightforward: regulators grant temporary exemptions so that startups and established firms can experiment without bearing the full cost of compliance upfront. In return, participants agree to safeguards such as customer caps, transaction limits, enhanced reporting, and consumer protection measures. The regulator observes how the product works in practice and uses those observations to inform future rules.

By 2020, the World Bank counted 73 fintech sandboxes across 57 countries. More than half were created between 2018 and 2019, reflecting rapid global adoption of the model. The sandbox approach has since expanded beyond traditional fintech into cryptocurrency, stablecoins, digital securities, and AI-driven financial services.

How It Works

While each jurisdiction designs its sandbox differently, most follow a similar lifecycle:

  1. Application: the company applies to the regulator, describing the product it wants to test, the target market, and the consumer protections it will implement
  2. Evaluation: the regulator assesses whether the product is genuinely innovative, whether existing regulations prevent or hinder its launch, and whether the company has adequate safeguards
  3. Testing: accepted firms operate under tailored regulatory conditions for a set period (typically 6 to 24 months), serving a limited number of customers
  4. Monitoring: the regulator maintains close oversight throughout, receiving regular reports on performance, consumer outcomes, and risk indicators
  5. Graduation: at the end of the testing period, the company must either obtain a full license, modify its product to comply with existing rules, or exit the market

Typical Sandbox Constraints

Regulators impose boundaries to contain risk during the testing period. Common constraints include:

  • Customer caps: limiting the number of users who can interact with the product (Arizona, for example, caps sandbox participants at 10,000 customers)
  • Transaction limits: restricting the size or aggregate value of transactions (Arizona sets a $2,500 per-transaction limit and $25,000 aggregate per customer for money transmitter activities)
  • Time limits: testing periods typically range from 12 to 24 months
  • Disclosure requirements: firms must inform customers that the product is being tested under sandbox conditions
  • Exit plans: companies must have procedures to wind down gracefully if the test fails or the sandbox period ends without graduation

Notable Regulatory Sandboxes

UK Financial Conduct Authority

The UK FCA launched the first major regulatory sandbox in June 2016 and remains the global benchmark. In its initial cohort-based model (Cohorts 1 through 7), 166 firms tested innovations across payments, lending, insurance, and capital markets. The first cohort received 69 applications, accepted 24 firms, and approved testing plans for 18 of them.

In 2021, the FCA transitioned from a cohort model to an "always open" format, accepting applications year-round. Since going always-open, the FCA has received over 630 applications and accepted 31 additional firms, bringing the total to nearly 200 sandbox participants. In November 2025, the FCA launched a dedicated stablecoins cohort, selecting four firms (including Revolut, which is testing a GBP-denominated stablecoin) from 20 applicants. Insights from this cohort are expected to shape the UK's permanent stablecoin regulatory framework in 2026.

Singapore MAS

The Monetary Authority of Singapore (MAS) launched its sandbox in November 2016, allowing financial institutions and fintech companies to experiment with innovative products in a live environment with relaxed legal requirements. MAS has since expanded the framework into three tiers:

  • Sandbox (2016): the original framework for live testing with regulatory relaxations and safeguards to contain the consequences of failure
  • Sandbox Express (2019): a fast-track mechanism for low-risk fintech innovations, with approval timelines as short as 21 days
  • Sandbox Plus (2022): an enhanced framework for higher-risk and complex projects, with eligibility expanded to early adopters and concurrent application for financial grants of up to S$500,000

Abu Dhabi ADGM

The Abu Dhabi Global Market (ADGM) launched its RegLab in November 2016, becoming the first regulatory sandbox in the Middle East and North Africa region. The program ran at least four cohorts, attracting participants from the UAE, Kenya, India, Singapore, and the UK. ADGM was also the first jurisdiction in Abu Dhabi to establish a crypto-asset regulatory framework. The program later evolved into a Digital Lab, providing cloud infrastructure, API gateways, and synthetic data tools for testing.

US State-Level Programs

Arizona became the first US state to launch a regulatory sandbox in March 2018, when Governor Doug Ducey signed HB 2434 into law. The program is administered by the Arizona Attorney General and allows companies to test for up to two years before requiring formal licensure. Wyoming followed in 2019 with its Financial Technology Sandbox Act, administered by the Banking Commissioner.

Since then, multiple states have enacted sandbox legislation, including Florida, Nevada, Utah, Kentucky, Vermont, North Carolina, West Virginia, and Hawaii. Each program has its own parameters, but they generally provide temporary relief from state-level licensing requirements such as money transmitter licenses.

US Federal Efforts

At the federal level, the Consumer Financial Protection Bureau (CFPB) launched a Compliance Assistance Sandbox in September 2019, providing firms with temporary relief from uncertainty around consumer finance regulations. The CFPB rescinded the program in 2022 but re-established it in January 2025.

In May 2026, President Trump signed an executive order titled "Integrating Financial Technology Innovation into Regulatory Frameworks," directing six federal regulators to review existing rules and take steps to encourage fintech innovation within 180 days. The order also directed the Federal Reserve to evaluate access to its payment accounts for non-bank financial companies.

Sandboxes and Stablecoins

Regulatory sandboxes have become particularly relevant for stablecoin issuers navigating complex and evolving compliance landscapes. Because stablecoins touch multiple regulatory domains (payments, e-money, securities, banking), a sandbox provides a structured path to test products before committing to a specific licensing regime.

The UK FCA's stablecoins cohort (launched November 2025) is the most direct example. Four firms are testing stablecoin issuance, custody, and settlement under FCA supervision, with findings expected to inform permanent UK stablecoin rules. One participant, Revolut, is testing a GBP-denominated stablecoin backed by pound-denominated reserve assets.

The sandbox graduation concept also appears in formal stablecoin legislation. The GENIUS Act, signed into law in July 2025, creates a dual oversight model where state-supervised stablecoin issuers must "graduate" to federal oversight (under the Fed, OCC, or NCUA) once their circulation exceeds $10 billion. This threshold mirrors the sandbox principle of testing at smaller scale before full regulatory compliance. In Europe, the MiCA regulation takes a different approach, establishing upfront licensing categories for e-money tokens and asset-referenced tokens rather than relying on sandbox testing.

For a detailed comparison of how different jurisdictions regulate stablecoins, see our global stablecoin regulation tracker.

Why It Matters

Regulatory sandboxes address a fundamental tension in financial regulation: rules designed to protect consumers can also prevent innovation that would benefit them. Traditional licensing processes often require months or years of compliance work and significant capital before a company can serve a single customer. For startups building on new technology like blockchain, stablecoins, or embedded finance, these barriers can be prohibitive.

Sandboxes benefit both sides. Companies get faster access to market and a direct channel to regulators, reducing the guesswork around compliance. Regulators gain firsthand insight into how new technologies work, which helps them write better-informed rules. The UK FCA's stablecoins cohort is a clear example: the regulator is explicitly using sandbox observations to shape its permanent stablecoin framework.

For companies building on Bitcoin and stablecoin payment infrastructure, sandboxes offer a way to demonstrate compliance readiness without the upfront cost of full licensure across multiple jurisdictions. This is particularly valuable in cross-border payments, where a product may need to satisfy money transmitter requirements in the US, e-money licensing in Europe, and separate frameworks in Asia and the Middle East.

Risks and Considerations

Limited Scale

Sandbox parameters inherently restrict the number of customers, transaction values, and testing duration. A product that works for 10,000 users may encounter entirely different challenges at 10 million. The controlled environment makes it difficult to prove viability at production scale, and some business models simply cannot demonstrate their value under tight constraints.

Graduation Challenges

Exiting the sandbox is often harder than entering it. Companies must transition from temporary exemptions to full regulatory compliance, which can require significant changes to their product, operations, and capitalization. Many sandboxes lack clear graduation criteria, leaving firms uncertain about what "passing" looks like. Research from the World Bank found that sandbox processes frequently do not feed into broader regulatory reform, limiting their utility for products that need new rules rather than exemptions from existing ones.

Regulatory Arbitrage

With dozens of sandboxes operating globally, companies can engage in "sandbox shopping": choosing the jurisdiction with the most favorable testing conditions rather than the one most relevant to their target market. Without coordination between regulators, this dynamic can incentivize competitive deregulation. The MiCA framework in Europe attempts to address this by establishing uniform licensing requirements across EU member states rather than leaving regulation to individual national sandboxes.

Effectiveness Questions

Despite widespread adoption, evidence for sandbox effectiveness is mixed. World Bank research found that less than 25 percent of sandbox-tested solutions directly addressed financial inclusion, and results on whether sandboxes increase market competition are inconclusive. Critics argue that proponents overstate potential benefits without engaging with empirical evidence. Participants may also gain unfair advantages over competitors who go through traditional licensing, creating an uneven playing field.

Evolving Approaches

Recognition of these limitations has led to proposals for alternative models. The World Economic Forum introduced the concept of a "regulatory airport" in 2024: a more sustained framework that provides ongoing regulatory support rather than time-limited testing windows. Similarly, Singapore's three-tier system (Sandbox, Sandbox Express, Sandbox Plus) represents an evolution beyond the original one-size-fits-all model, offering different pathways based on a product's risk profile and complexity.

This glossary entry is for informational purposes only and does not constitute financial or investment advice. Always do your own research before using any protocol or technology.