Monday, June 29, 2020 / 02:12 PM / By CBN
/ Header Image Credit: Ecographics

The Central Bank of Nigeria (CBN) is committed to
building a financial services sector that promotes innovation in financial
services, effective service delivery, healthy competition and financial
inclusion. In this regard, the Bank has implemented several reform initiatives
towards the achievement of these objectives.
In continuation of these efforts, the CBN hereby
exposes for comments, the Regulatory Framework for Sandbox Operations in
Nigeria. The Framework details the requirements for conduct of live tests on
innovative products, services and other solutions in a controlled environment.
Kindly forward your inputs to the Director, Payments
System Management Department or through sandbox@cbn.gov.ng
on or before July 15, 2020.
1.0 Introduction
In view of increasing consumer appetite for payment
solutions and emerging disruptive technology in the financial services space,
the Central Bank of Nigeria (CBN) has deemed it pertinent to ensure new, more
flexible ways of engaging with the industry. One of the options being the use
of a Regulatory Sandbox which is a formal process for firms to conduct live
tests of new, innovative products, services, delivery channels, or business
models in a controlled environment, with regulatory oversight, subject to,
appropriate conditions and safeguards. This would enable the Bank stay abreast
of innovations while promoting a safe, reliable and efficient Payments System
to foster innovation without compromising on the delivery of its mandate.
This Framework therefore defines the establishment,
rules and operations of a Regulatory Sandbox for the Nigerian Payments System
in order to promote effective competition, embrace new technology, encourage
Financial Inclusion and improve customer experience, with a view to engendering
public confidence in the Financial System.
1.1 Objectives
The objectives of the Regulatory Sandbox Operation in
Nigeria are as follows:
- To increase the potential for innovative business
models that advance financial inclusion;
- To reduce time-to-market for innovative products,
services, and business models;
- To increase competition, widen consumers' choice
and lower costs;
- To ensure appropriate consumer protection
safeguards in innovative products;
- To clearly define the roles and responsibilities of
stakeholders and the operations of the Sandbox for the Nigerian Payments System
industry;
- To ensure adequate provisions in regulations to
create an enabling environment for innovation without compromising on safety
for consumers and the overall
payments system; and
- To provide an avenue for regulatory engagement
with FinTech firms in the payment space, while contributing to economic growth.
1.2 Scope
The Framework provides standards for the operations of
a Regulatory Sandbox, and prescribes the processes and procedures for
analyzing, collecting, updating, integrating, and storing of consumer data and
information.
The Sandbox cannot be used to circumvent existing laws
and regulations and is therefore not suitable for a proposed product, service
or solution that is already appropriately addressed under prevailing laws and
regulations. Products already rejected by the regulators or the Federal
Government of Nigeria shall not qualify for sandbox trials.
The Bank will provide formal guidance and advice to
the sandbox applicant(s) on the modifications that can be made to align
proposed business models or solutions with prevailing laws and regulations.

1.3 Eligibility Of
Sandbox Participants
The eligibility criteria for applicants is as follows:
(a) The product, service or solution is innovative
with clear potential(s) to:
- Improve accessibility, customer choices, efficiency, security and quality in
the provision of financial services; or
- Enhance the efficiency and effectiveness of Nigerian Financial Institutions
management of risks; or
- Address gaps in or open up new opportunities for financial benefits or
investments in the Nigerian economy.
- Ensure that applicants will provide the proposed project within a limited
transaction (value and volume) for better risk management and mitigation. The
limits must not be exceeded during the testing period.
(b) The applicant has conducted an adequate and
appropriate assessment to demonstrate the usefulness and functionality of the
product, service or solution and identified the associated risks which should
be devoid of adverse effect to existing structures and consumer experience;
(c) The applicant has the necessary resources to
support testing in the sandbox. This includes the required resources and
expertise to mitigate and control potential risks and losses arising from
offering of the product, service or solution;
(d) The applicant should have a realistic business
plan to deploy the product, service or solution on a commercial scale in
Nigeria after exit from the sandbox;
1.4 Participants In The
Sandbox Operations
The Sandbox application process is open to both
existing CBN licensees (financial institutions with FinTech initiatives) and
other local companies. The later may include financial sector companies as well
as technology and telecom companies intending to test an innovative payments
product or service industry deemed acceptable by the CBN.
Others that can also apply include:
- Those proposing non-regulated technology i.e.
Innovators whose proposed solution involves technologies which are currently
not covered under existing CBN regulations.
A Letter of Approval (LoA) would be issued to the
Innovator which would allow Sandbox participants to test their innovation upon
entry into the sandbox.
1.5 Risk Assessments and
Safeguards
1.5.1 An applicant must identify the potential risks
to financial institutions and financial consumers that may arise from the
testing of the product, service or solution in the sandbox and propose
appropriate safeguards to address the identified risks.
1.5.2 In assessing the risks and evaluating the
proposed safeguards, the Bank will give due regard to the following:
- Preserving sound financial and
business practices consistent withmonetary and financial stability;
- Promoting the fair treatment of
consumers;
- Compliance with AML regulations;
- Protecting the confidentiality of
customer information;
- Promoting the safety, reliability
and efficiency of payment systems and payment instruments;
- Encouraging healthy
competition for financial products and services.
2.0 Application and
Approval Requirements
Applications to the sandbox process would involve an
invitation placed on the CBN website, and local newspaper advertisement. The
details of the advert would include the minimum eligibility criteria to
shortlist applicants who qualify to be absorbed into the sandbox.
Firms wishing to enter into the CBN's Regulatory
Sandbox must apply to the CBN through the Regulatory Sandbox online application
platform accessed via the CBN's official website [ITD/WebTeam to develop portal
upon approval]. The application must be submitted with a cover letter signed by
an authorised signatory of the entity and addressed to the Director, Payments
System Management Department, Central Bank of Nigeria, Abuja.
2.1 Documentary
Requirements
All application trials into the Sandbox shall be
accompanied with the following:
- Board Approval (where applicable)
- Certificate of Incorporation
- The company
profile and functional contact: e-mails, telephone numbers, office and postal
addresses
- Memorandum
and
- Articles
of Association
- Shareholding
structure of the Company
- Forms CAC 1.1
(Application for Registration)
- CVs of Board and
Management of the Company
- Organogram of
the Company
- Project
plan alongside a detailed business proposal
- Key outcomes
that the testing is intended to achieve
- A document
that shall outline the strategy of the sandbox trials including current
and potential engagements, geographical spread and benefits to be derived
- AML/CFT KYC Policy
- All firms shall supply
any other information that the CBN may require from time-to-time.

3.0 Operational
Requirements
The CBN operational requirements of the Sandbox would
cover, at least, the following phases:
1. Filing
requirements.
2. Reporting requirements while in the Sandbox.
3. Exit
conditions and approval for expiration, and/or
4. Evaluation and Review of an approval.
3.1. Filing Requirements
3.1.1 The Bank will inform an applicant of its
eligibility and approval to participate in the sandbox 30 working days after
completion of application requirements.
Thereafter, the Bank will engage the admitted
participants on the following:
- Testing
parameters such as the scope and duration of the test, regulatory flexibilities
requested and frequency of reporting;
- Specific
measures to determine the success or failure of the test at the end of the
testing period;
- An exit
strategy should the test fail or be discontinued; and
- The next
steps the firm would take if the test is successful.
3.1.2 In addition to the above, applicants prior to
entry shall include the following filing requirements:
- A brief
description of the Applicant's organization, including its financial standing,
technical and business domain expertise;
- A brief
description of the financial service to be experimented on, in the Sandbox;
- A
description of how the Applicant has met the Eligibility Criteria described in
Section 1.3 with supporting evidence;
- A
disclosure of the boundary conditions for the Sandbox such as start and end
dates, target volunteer customer types, customer limits, transaction
thresholds, cash holding limits, and so on;
- An
assessment of the Applicant's readiness for testing which shall include
customer safeguards and testing plans;
- Test
scenarios must include a quantification of the maximum potential direct and
indirect losses and impact of the experiment;
- A
description of the customer communications plan, which must include risk
disclosures and material information about the company and the Sandbox;
- A
description of the targets and key performance indicators, which will be used
to determine the success of the experiment;
- A
description of information and cyber security and other relevant measures taken
by the Applicant to ensure maintaining safety of the solution;
- A description of any third-party outsourcing arrangement including the due
diligence conducted by the Applicant on the third party to ensure information
and cyber security; and
- An
assessment of the exit plan, scale-up and deployment strategy, along with an
assessment of the timeline and gaps if any in meeting any heightened legal and
regulatory requirements after exiting the Sandbox.
3.2. Reporting
Requirements While In The Sandbox
- Entities
shall put in place testing parameters to limit risks to the financial system
and for the consumers, while achieving effective testing processes.
- The participants shall set
consumer protection safeguards, to guarantee consumer protection. Consequently,
consumers participating in the testing phase need to be made aware of their
rights and especially, be provided with information and contact details of the
sandbox to report any complaint or problem they experience.
- The
participants shall ensure proper maintenance of records during the testing
period to support reviews of the test by the Bank.
- The
participant shall submit interim reports to the Bank on the progress of the
test, which includes information on the following:
- Key performance indicators, key milestones and statistical information;
- Key issues arising as observed from fraud or operational incident reports;
- An updated risk register including possibility and treatment of any emerging
risk(s);
- Details on any audits conducted (and where applicable, submission of signed
audit reports;
- Customer satisfaction report, including complaints - if any:
- A detailed log of operational or technical incidents - (if any) and steps
taken to address the same; and
- Actions or steps taken to address the key issues referred to in Section 3.1.
5. The
participants shall submit a final report containing the following information
to the Bank within 30 calendar days from the expiry of the testing period:
- Key outcomes, key performance indicators against agreed measures for the
success or failure of the test and findings of the test;
- A full account of all incident reports and resolution of customer
complaints; and
- In the case of a failed or unsuccessful test, lessons learnt from the test
and how the firm intents to wind down the test.
6. The
interim and final reports must be confirmed by the CEO of the company.
3.3 Exit Conditions And
Approval Of Expiration
- The application should
explicitly indicate the initial testing timeline (in months) for the proposed
test. To extend the testing period, a written application must be submitted by
the participants to the Bank no later than 30 calendar days before the expiry
of the testing period.
- The
application should state the additional time required and clearly explain
reasons for requiring the extension.
- To minimize market
distortion, the Bank will not generally approve a protracted extension of the
testing period unless the solution has been tested positively in general and it
can be demonstrated that the extended testing is necessary to respond to
specific issues or risks identified during initial testing.
- Upon the
completion of a sandbox test, the Bank will decide whether to allow the
product, service or solution should be introduced into the market.
- Innovators must compare
the results of their test against its original objectives and specify whether
and how they intend to scale-up the technology tested: e.g. direct to consumers
or, licensing it to other firms, or establishing new partnerships with
other CBN-licensed firms etc.
- The Bank
may also prohibit deployment of the product, service or solution in the market
upon the completion of the testing due to the following reasons:
- In the event of an unsuccessful testing based on agreed test measures; or
- The product, service or solution has unintended negative consequences for
the public and/or financial stability.

3.4 Evaluation And
Review Of An Approval
3.4.1 The CBN may evaluate and review an approval to
participate in the sandbox at any time before the end of the testing period if
the participant:
- Fails to carry out the safeguards referred to in
Sections 1.5 and 7.0.
- Submits false, misleading or inaccurate
information, or has concealed or failed to disclose material facts in its
application;
- Contravenes any applicable law administered by the
Bank or any applicable law in Nigeria or abroad which may affect the
participant's integrity and reputation;
- Is undergoing or has gone into liquidation;
- Breaches data security and confidential
requirements;
- Carries on business in a manner detrimental to
consumers or the public at large; or
- Fails to effectively address any technical
defects, flaws or vulnerabilities in the product, service or solution which
gives rise to recurring service disruptions or fraud incidents.
3.4.2 Before reviewing an approval to participate in
the sandbox, the Bank will:
- Give the participant 30 days' notice in writing of
its intention to review the approval; and provide an opportunity for the
participant to respond to the Bank on the grounds for review.
- Where any delay in reviewing the approval would be
detrimental to the interests of the participant, their customers, the financial
system or the public generally, the CBN may review the approval immediately and
provide the opportunity for participant to respond after the effective date of
review. If the response is accepted by the Bank, the Bank may reinstate the
approval to participate in the sandbox.
3.4.3 Upon the review and evaluation of an approval,
the participant must:
- Immediately implement its exit plan to cease the provision of the product,
service or solution to new and existing consumers;
- Provide notification to customers informing them of the cessation and their
rights to redress where relevant;
- Comply with obligations imposed by the CBN to dispose of all confidential
information including customer personal information collected over the duration
of the testing;
- Submit a report to the Bank on the actions taken within 30 working days
after review.
4.0 Sandbox Cohorts
The term cohort refers to the group of innovators that
share the characteristic of having been allowed to enter the Sandbox at the
same time for the same period.
There will be one cohort per year named after the year
in which the cohort was accepted (for example: 2019 Cohort). Application
windows for a given cohort as well as list of the firms included in that cohort
would be published on the Bank's website.
The number of innovators to be accepted into a cohort
is a function of the Bank's resource capacity to support innovators. Typically,
a cohort will be made up of a predetermined number of innovators, as the type
of innovators to be accepted into a cohort is based on the sandbox eligibility
criteria and on the sandbox strategic objectives.

5.0 Responsibilities Of
The Central Bank Of Nigeria
The CBN shall be responsible for:
- Issuance of the Regulatory Framework for Sandbox
Operations;
- Admitting all eligible participants into the
Sandbox process;
- Issuance of a Letter of Approval (LoA) for entry
into the sandbox;
- Issuance of an Approval-in-Principle (AIP) in
order to deploy its digital solution to the market, subject to the Innovator
being able to meet CBN's licensing requirements;
- Ensuring that the objectives of the Sandbox are
fully achieved;
- Conducting oversight on Sandbox participants' operations and systems;
- Monitoring other stakeholders to ensure
compliance;
- Issuing circulars to regulated institutions on
the operations of the Sandbox;
- Reviewing this framework for the operations of the
Sandbox from time to time;
- Apply appropriate sanctions for non-compliance
where needed;
- The Director, Payments System Management
Department of the CBN shall review cases referred to it before issuance of an
operating licence or a formal clearance to an entity/participant for the
purpose of delisting from the Sandbox.
6.0 Responsibilities of Participants
- The participants in the Sandbox shall:
- Be responsible for monitoring and supervising the
activities of its operations and staff.
- Have information on the tests carried out for each
type of service or innovation;
- Monitor effective compliance with set limits and
establish other prudential measures in each case;
- Take all other measures to enable it to operate
strictly within the requirements of this Framework.
- Address all enquiries to:
Director,
Payments System Management Department,
Central Bank of Nigeria, Corporate Headquarters
Central Business District, Abuja.
Tel. No: +234(0)946238346
7.0 Positioning Of
Customer Safeguards
As part of the evaluation phase, the Bank and
Innovator must agree on the set of consumer safeguards in order to mitigate the
risk to consumers participating in the testing exercise. While the measures are
bespoke to each test, it will depend on the nature of the risks identified, and
will be proportionate to the impact and probability of the risks occurring or
causing consumer disadvantage.
While the list is inexhaustive, below are examples:
- Limitations on the number and
type of customer(s)/clients that will participate in the test.
- Limitations on the type
and size of transactions.
- Extra requirements
related to the participating Fintech company handling and protecting of
consumer data.
- Providing adequate
disclosure of the potential risks to customers participating in the sandbox and
confirmation from such customers that they fully understand and accept the
attendant risks;
- Limiting the duration of
the testing period to a maximum of six (6) months cohort basis, or promptly
asking for an extension when needed;
- Providing a consumer
redress mechanism, including the possibility for financial compensation for
sandbox participants whose data may be harmed in a test under clearly specified
circumstances; and
- Committing adequate and
competent resources to undertake the testing and implement risk mitigation
solutions that have been proven to be effective in containing the consequences
of failure.
- Requirements to carry
out system penetration simulations.
- Requirements to obtain
consumers' prior written consent to the participation in the test.
- Restriction or prohibition
to hold or control client money or financial assets.

Related News
- CBN
Notifies of Plans to Release a Framework For The Integration of Non-interest
Window
- CBN
Releases Guidelines on Healthcare Research and Development Grant
- CBN Revises
Timelines for Dispense Errors, Refund Complaints
- CBN Extends
Timeframe for the Submission of 2019 Audited Financial Statements of OFIs
- CBN,
Bankers' Committee Suspend Lay-offs in Banks
- CBN Extends
Deadlines for Compliance With The Revised Minimum Capital Requirements for
MFBs
- CBN
Publishes Approved Service Charter
- CBN Holds
Roundtable On Going for Growth 2.0 on March 11 2020
- CBN
Releases Exposure Draft of the Guidelines for the Regulation and
Supervision of MFBs in Nigeria
- CBN
Publishes Lists of Licensed Finance Companies, DMBs, PMBs, MFBs and BDCs
As At Dec 31st, 2019
- CBN Issues
Guideline on Nigerian Payments System Risk and Information Security
Management Framework
- CBN Issues
Circular on Pre-Authorisation of Cards in Nigeria
- CBN Issues
Consumer Protection Regulations
- CBN Reviews
Charges On ATM, Card Maintenance and Others

