FAQ regulatory sandbox

FAQ relating to the application for participation in the regulatory sandbox


1. Submission of the application

1.1 Who can participate in the Sandbox?

The regulatory Sandbox is dedicated to technological innovation activities involving the banking, financial and insurance sectors and which are carried out by subjects who:

a) want to experiment a reserved activity that requires the authorisation or the inclusion in a roll, list or register kept by the supervisory authorities;

b) want to experiment an activity that is abstractly reserved, but for which they would make use of a case of exclusion provided for by law. For example, activities for granting of loans made not in relation to the public, i.e. without the character of professionalism;

c) provide services or activities relating to profiles subject to regulation in favour of a subject supervised or regulated by the Bank of Italy, Consob or IVASS. For example, think of a FinTech operator offering technological services for the benefit of a banking or financial intermediary for regulatory compliance activities. The activity therefore involves two categories of subjects: a FinTech operator (requesting admission to the experimentation) and a supervised or regulated operator;

d) they are already supervised or regulated by the Bank of Italy, Consob or IVASS and have their registered office or branch in Italy (e.g. a banking or financial intermediary, an issuer, etc.). If the subject already authorised to carry out a specific regulated activity requires a further and different authorisation in order to carry out the activity for which he is requesting admission to the experimentation, he must obtain a specific authorisation, or request a variation/extension of the authorisation he already has, as required by letter a).

1.2 Can foreign operators from another EU member state access the Italian Sandbox?

Subjects already supervised or regulated with registered office in another EU country and operating in Italy through a branch or under the freedom to provide services, can either submit a request for admission to the Sandbox or be recipients of a product/service tested by a FinTech operator.

The application for admission to the experimentation may also be submitted by operators of the European FinTech sector who are not supervised or regulated for activities to be provided in favour of a supervised or regulated entity having its registered office or branch in Italy or operating under the freedom to provide services (see Article 5, paragraph 1, letter c) of Ministerial Decree no. 100 of 2021).

In the event that the activity is provided by, or in favour of, subjects having their registered office in another State of the European Union and operating in Italy under the freedom to provide services, the Bank of Italy, Consob and IVASS may not accept the request if they believe that they do not have adequate supervisory powers to ensure adequate protection of users within the Sandbox.

1.3 Can foreign operators from a non-EU country access the Italian Sandbox?

Persons who do not have their registered office in the European Union can apply for admission to the Italian Sandbox if they already have a branch authorised to operate in the territory and, therefore, are subject to supervision or regulation by the Bank of Italy, of the Consob or IVASS (see article 5, paragraph 1, letter d), of Ministerial Decree no. 100 of 2021).

The application for admission to the Sandbox can also be submitted by operators of the FinTech sector not subject to supervision or regulation with registered office in a Country not belonging to the European Union for activities to be provided in favour of a supervised or regulated entity that has its registered office or branch in Italy or works with Italian customers under the freedom to provide services. In the event the preliminary investigation for entry to the Sandbox has a positive outcome, the admission to the experimentation is subject to the opening by the applicant of a secondary office or representative office in Italy, within 45 days from the decision of the authority that is competent for admission to the experimentation (see Article 13, paragraph 2, of Ministerial Decree no. 100 of 2021).

1.4 How can I know if the Sandbox is the right channel for my initiative?

To be admitted to the Sandbox it is necessary that the activity being tested is relevant for the profiles of competence of the Bank of Italy (https://www.bancaditalia.it/compiti/vigilanza/intermediari/index.html), Consob (/web/area-pubblica/attivita) or IVASS (https://www.ivass.it/chi-siamo/in-sintesi/compiti/index.html) and that it complies with the requirements set out in art. 6 of the Ministerial Decree no. 100 of 2021.

Interested operators can use the dedicated communication and support channels that have been set up with the aforementioned supervisory authorities to submit their initiative, to request specific clarifications on the admission criteria and methods and to be supported in identifying the competent supervisory authority:

1.5 When and how can the application form be submitted?

The application form may be submitted during specific time windows. To find out when the next time window will open, consult the section of the Bank of Italy, Consob and IVASS website dedicated to the regulatory Sandbox. The application form must be submitted in digital format by completing the form made available in the aforementioned section of the website of the supervisory authorities.

1.6 Does the application need to be completed in its entirety?

Yes, it is necessary to fill in the application form with all the information required by the form. The administrative procedure cannot be started in case of incompleteness of the application, including that deriving from the absence of the required digital signature, or in the absence of a mandatory attachment.

1.7 Are there any fees to pay for accessing the Sandbox?

No, participation in the Sandbox does not entail the payment of any type of fee, without prejudice to the application of supervisory fees, where relevant to the type of activity provided.

2. Admission to the Sandbox

2.1 When is an activity significantly innovative?

The activity to be tested must leverage innovative technologies, and contribute to offering services, products or processes in the banking, financial and insurance sectors that are truly new and different from what is already present on the national market. Innovativeness will not be evaluated exclusively with reference to the technologies used, but also considering their application to a product, process or business model relevant to the national banking, financial and insurance sector.

The novelty elements of the project must be demonstrated, also through internal analysis and/or market analysis, providing all the elements to allow the assessment of the peculiarities of one's solution compared to that of competitors at national level.

With regards to the technological aspects, a non-exhaustive list of technologies and solutions that, at present, may be relevant for the purposes of admission to the Sandbox is provided below:

  • Application Programming Interfaces (APIs)
  • Artificial Intelligence (AI)
  • Machine Learning (ML)
  • Data analysis/Big Data/ Data Analytics
  • Digital ID and authentication systems
  • Cloud Computing
  • DLT/blockchain and smart contracts
  • Quantum computing
  • Internet of Things (IoT) and wearable or mobility-supporting devices
  • Robotic Process Automation (RPA)
  • Natural Language Processing (NLP)
  • Advanced encryption mechanisms
2.2 What are the derogations that can be granted as part of the Sandbox?

The Bank of Italy, Consob and IVASS may derogate from supervisory guidelines, regulations or other general acts issued by them in the performance of their duties.

The aforementioned derogations may not, in general, concern primary legislation and the mandatory rules of the European Union. Admission to the experimentation may also be allowed to subjects incorporated as corporate forms other than those provided for by the Consolidated Banking Act (TUB), the Consolidated Law on Finance (TUF) or the Private Insurance Code (CAP) for carrying out activities subject to authorisation or inclusion in a roll, list or register by a supervisory authority or attenuated professionalism requirements.

In compliance with the above, the derogations may concern the following areas, always in compliance with the mandatory Union legislation:

  • capital requirements;
  • simplified and proportionate obligations for the activities to be carried out;
  • perimeters of operation;
  • disclosure obligations;
  • times for issuing authorisations;
  • professionalism requirements of the company representatives;
  • corporate governance and risk management profiles;
  • eligible corporate forms;
  • any financial collaterals.
2.3 When can an activity be considered as adding value?

The evaluation of the added value will be carried out in an integrated perspective, that is, considering the activity in its entirety. In particular, the proposed activity must provide added value for at least one of the four profiles identified by art. 6, paragraph 1, letter c), of Ministerial Decree no. 100 of 2021, without at the same time significantly affecting one of the others:

  • bring benefits to end-users. For example, in terms of improving the customer experience or transparency, strengthening security measures, lower costs for end users, etc.
  • contribute to the efficiency of the banking, financial or insurance system and/or operators. For example in terms of lower costs or less use of resources for the system, reduced execution times for transactions, better usability and use of information, etc.
  • make the application of regulations in the banking, financial and insurance sectors less burdensome or more effective. For example, in terms of streamlining internal processes aimed at fulfilling regulatory obligations, better data management for compliance and reporting purposes, etc.
  • improve intermediaries' risk management systems/procedures/processes. For example, in terms of cost optimisation or the use of internal resources, increased effectiveness in identifying and/or measuring/managing risks, etc.
2.4 What elements are taken into account to verify whether the activity is in a sufficiently advanced state for the experimentation?

The product/service must be ready to start the experimentation activity immediately after receiving the notification of admission to the Sandbox. In particular, the following conditions will be verified in the assessment of the application for admission:

  • complete feasibility study (precise description of the proposed solution with practical examples, precise definition of the necessary technological, human and logistical resources);
  • available or mobilisable necessary resources;
  • plan for the experimentation (for example by using a Gantt scheme) defined in terms of objectives, specific targets, timelines and milestones;
  • identification of all relevant risks (including ICT, cyber security and data protection) and of specific measures/tools to protect users;
  • proposals of metrics and analytical evaluations for monitoring the experimentation.
2.5 What elements are taken into account when verifying the prospective economic and financial sustainability of the project or the adequacy of the financial coverage?

While assessing the economic and financial sustainability, the following will be evaluated:

  • revenues adequate to prospectively cover the management costs of the activity;
  • net cash flows consistent with the investment plans and the development prospects;
  • company equity adequate to the level of indebtedness and future cash flows consistent with the repayment of the financial commitments undertaken.

The assumptions underlying the forecasted estimates must be realistic and sound.

The financial coverage, parameterised to the duration of the experimentation, must be consistent with the size of the project and provided by subjects financially able to guarantee future liquidity needs.

2.6 How long after I submitted my application will I know if I have been admitted?

Admission to the experimentation will be decided within 60 days from the closure of the admission window, unless the terms are suspended or interrupted and it will be promptly communicated. When, at the same time as admission to the experimentation, an authorisation is requested to carry out a reserved activity (see Article 5, paragraph 1, letter a), of Ministerial Decree 100 of 2021), the communication for admission will follow the terms established by the applicable legislation for authorisation procedures.

3. Initiation of the experimentation and monitoring

3.1 Will the names of the companies admitted to the Sandbox be known?

Yes, a register with the list of subjects admitted to the experimentation will be published on the website of the FinTech Committee established at the MEF. Furthermore, the Bank of Italy, IVASS and Consob will notify the public that they have admitted a subject to the experimentation.

3.2 What kind of support is offered to participants?

Through the experimentation in the Sandbox, operators will be able to test the innovative activities in close collaboration with the Supervisory Authorities, in a controlled environment, before the free offer on the market, possibly enjoying a simplified regime for a transitional period.

3.3 How long will I be able to test my solution?

The duration of the experimentation will be indicated in the admission notice. This may not exceed a period of eighteen months, except for the cases of extension provided for by art. 17 of Ministerial Decree no. 100 of 2021.

4. Termination of the experimentation

4.1 What happens at the end of the experimentation?

At the end of the experimentation in the Sandbox, the admitted subjects submit an economic and operational report on the experimentation to the competent supervisory authority and give timely information to the public on the end of the experimentation. The end of the experimentation phase entails the termination of the "Sandbox" regime and the termination of any derogations granted, with the exception of the following cases:

  • subjects admitted to the experimentation who, before the end of the experimentation, are granted an extension for carrying out the experimentation itself from the competent authority, may continue the experimentation until the end of the extension granted (see art. 17, paragraph 4, of the Ministerial Decree).
  • subjects admitted to the experimentation who, at the end of the experimentation, request the authorisation to carry out the activity or inclusion in a roll, may continue the experimentation until the issuance of the authorisation or inclusion order (see art. 17, paragraph 7, of the Ministerial Decree).

In all other cases, the experimentation cannot be continued beyond the deadline, unless the activity/product/process complies with all the provisions applicable thereto.


Download FAQ PDF version