Introduction

Over the years, the financial sector in Tanzania has been rapidly growing, and one need not use a telescope to see the surge of fintech products in the market. However, innovators often encounter regulatory compliance hurdles that limit their ability to test products and enter the market effectively. To foster a dynamic fintech ecosystem within the country, the Bank of Tanzania (BOT) introduced the Bank of Tanzania (Fintech Regulatory Sandbox) Regulations, 2024, as detailed in Government Notice (GN) No. 540, published on July 5, 2024. The Fintech Regulatory Sandbox is expected to provide a more flexible, relaxed, and controlled environment for entities to test their products, scale solutions and enter the market with reduced regulatory burdens.

On 28th November 2024, BOT officially announced the opening of the first application window for its Fintech Regulatory Sandbox. The window will run from 2 December 2024 to 22 January 2025 (See attached BOT notice below). BOT now invites entities to apply to participate in the Fintech Regulatory Sandbox. The Fintech Regulatory Sandbox aims to nurture fintech innovation while maintaining a regulatory framework that prioritizes accountability, consumer trust, and data security.

This article provides a detailed overview of the application process, requirements, procedures, and regulations for the BOT Fintech Regulatory Sandbox to ensure clarity and ease of understanding of these new Regulations.

What are regulatory sandboxes?

The term “regulatory sandbox” originates from the technology sector, where a “sandbox” is a closed virtual environment designed for testing safely isolated web products or software projects.

A regulatory sandbox is a controlled setting whereby an entity can test innovative products, services, or business models in a less restrictive setting within a predefined amount of time. Innovative fintech products are disrupting traditional financial systems, particularly from a regulatory perspective.

Regulatory sandboxes serve as an attempt to manage and absorb the disruption being brought by rapid technological advancements within the financial sector. Globally, regulators have established regulatory sandboxes to seek a balance between the traditional regulatory objectives of economic stability and consumer protection with the objectives of promoting growth and tech innovations.

Brief Highlight of The BOT Fintech Regulatory Sandbox 2024

Application & Eligibility

A scrutiny of Regulation 2 of the Bank of Tanzania (Fintech Regulatory Sandbox) Regulations, 2024 (Hereinafter the Regulations) denotes that an applicant must be a company. The Regulation also specifies that the Applicant’s activities must involve innovations not currently addressed by the existing legal framework. The Regulations are to apply to the following entities:

  1. Financial service providers licensed by the BOT.
  2. Fintech companies collaborating with licensed financial service providers
  3. Fintech companies intending to offer financial products and services regulated by the BOT.

A “Fintech Company” is defined under Regulation 3 to mean an entity incorporated in the United Republic for the delivery of innovative financial solutions to the market. This means that only companies incorporated in Tanzania are eligible to apply for the BOT Fintech Regulatory Sandboxes. Regulation 3 further defines Financial Solution to mean;

“any product, service, delivery channel, technology or business model and include digital payments; digital lending; money transfer and remittance services; digital know your customer; digital platform; digital identification services; cyber security services and products; sustainable financing; mobile technology applications; big data and data analytics; applications using distributed ledger technologies and artificial intelligence and machine learning applications and any other product, service, delivery channel, technology or business model as may be approved by the Bank;”

Procedure & Approval Process

Regulation 5 provides that the Application window for participating in Fintech Regulatory Sandboxes shall be on a quarterly basis upon public invitation by BOT. An entity interested in applying must complete a specified form available at https://frsp.bot.go.tz/ , prepare a cover letter as per Part B of Schedule to the Regulations, attach all necessary documents as itemized under Regulation 5(3) to be submitted to the Bank for evaluation and approval. The documents required in the application include proof of source of fund, realistic business plan, risk management document, detailed description of the financial solution, Anti-Money Laundering & Terrorism financing policy and several others. The Bank will then assess the applications and notify the Applicant of the evaluation results within 45 days. The BOT can approve the application or reject the application by stating reasons. Those whose applications are rejected shall have the opportunity to reapply within six months if the initial highlighted deficiencies are rectified.

Testing

Upon approval, the Regulations mandate the Participant to commence the testing two months from the date of receipt of approval and in case a Participant fails to commence testing, then, they shall be required to furnish the Bank with written reasons for such failure. The testing period is stated to be twelve months from the date of receipt of approval. However, the BOT has the power to extend the testing period if issues or risks arise that necessitate additional time.

A Participant is obligated to test the proposed financial solutions in the testing environment in line with the conditions provided in the approval and is required to submit quarterly progressive reports to the BOT. The report is to include key milestones, risk identified, customer complaints, operational challenges, data protection details, list of customers, change of ownership in Participant or any other relevant information.

At the end of the testing period, the Participant is required as stated under Regulation 15 to submit a final report detailing the performance of the test, any risks identified, measures taken to mitigate those risks, and their readiness to deploy the tested financial solutions in the market. Based on this report, the BOT will decide whether to recommend the deployment of the financial solutions to the market or prohibit deployment if there are unintended negative consequences for the public, unsuccessful test results, or potential threats to the stability of the financial sector as stipulated under Regulation 16.

Approval Withdrawal

Regulation 13 grants the Bank of Tanzania (BOT) the authority to withdraw approval for any participant in the Fintech Regulatory Sandbox at any time before the end of the testing period. Approval may be withdrawn in the following circumstances:

  1. The participant fails to meet the conditions of approval.
  2. The participant falsifies, misrepresents, conceals, or fails to disclose material facts in their application.
  3. The participant contravenes any laws of Tanzania.
  4. The participant undergoes insolvency.
  5. The participant conducts business in a manner detrimental to customers.
  6. The participant fails to effectively address technical defects, flaws, or vulnerabilities in the financial solution being tested.

Before withdrawing approval, BOT will afford the participant 14 days to demonstrate good cause as to why the approval should not be revoked. If BOT determines that the Participant’s reasons are insufficient, it will proceed to withdraw the approval and notify both customers and the public of the decision. However, in exceptional circumstances where BOT deems immediate action necessary to protect customer interests, approval may be withdrawn without the opportunity to show cause to the Participant. Upon, approval withdrawal the Participant is to cease the provision of the financial solution, notify customers of cessation, right of redress and compensate any customer who suffered a financial loss arising from the testing as stated under Regulation 14.

Liabilities and Penalties

Participants in the Fintech Regulatory Sandbox are subject to continuous supervision by the BOT, which actively monitors operations and conducts on-site inspections to ensure compliance with the set boundaries. To enforce adherence to the regulations, the BOT is given administrative powers to sanction. Participants who breach the terms and conditions of participation. Penalties for non-compliance include:

 – Issuance of warnings.

 – Suspension from participating in the Fintech Regulatory Sandbox for up to one year.

These measures are designed to ensure Participants operate responsibly and within the framework provided by the BOT.

It is essential to emphasize that approval to participate in the Fintech Regulatory Sandbox does not constitute full-fledged authorization to provide financial solutions to the general public. Instead, it is a permit for testing financial solutions within a controlled market environment, as outlined in Regulation 7(3) of the Regulations.

Key Principles in the Regulations

The Bank of Tanzania’s Fintech Regulatory Sandbox Regulations are built upon several key principles as highlighted below:

Transparency: Transparency is a cornerstone of these Regulations, requiring participants to maintain open and clear communication throughout the process, from application to exit. Regulation 17 explicitly obliges participants to: Keep accurate and detailed records of their financial solutions, including challenges encountered and corresponding risk mitigation measures. Document customer participation in the testing process and report regularly to the BOT on the progress and outcomes of testing activities. These ensure accountability and enable the BOT to maintain a clear view of activities within the Sandbox.

Consumer Protection: A primary focus of the Regulations is balancing the promotion of innovation with the protection of consumers. Key measures ensure that:

  • Consumers are informed about the experimental nature of the financial solutions being tested.
  • Risks associated with participation in the Sandbox are disclosed to consumers.
  • Participants adhere to ethical practices to avoid exploitation or harm to customers.

By centering on consumer protection, the Regulations foster trust in fintech solutions being developed.

 Data Protection: Participants are required to handle data responsibly and in compliance with applicable personal data protection laws, as outlined in Regulation 18. Specifically, participants must:

  • Implement robust measures to safeguard any data collected during testing.
  • Dispose of all customer personal data upon the withdrawal of approval or the completion of the testing process.

These provisions ensure that innovation does not compromise the privacy and security of individuals’ personal information.

Our Snapshot Analysis of the Regulation

The Fintech Regulatory Sandbox Regulations introduced by the Bank of Tanzania provide a framework for fostering innovation in financial services. However, our analysis highlights a few gaps and challenges within the Regulations that require attention for greater clarity and efficacy:

  1. Lack of Defined Evaluation Criteria: The Regulations do not specify the criteria that the BOT will use to approve or reject applications for participation in the Sandbox. This omission creates uncertainty for participants as it leaves applicants unsure about the standards or thresholds they need to meet. Clearly defined evaluation criteria if included could guide applicants and enhance transparency in the application process.
  2. Challenges for Multi-Regulatory Fintech Solutions: Many fintech innovations span across multiple regulatory frameworks and may require approval from other regulatory bodies beyond the BOT. This creates several challenges: A participant may receive approval to join the Fintech Sandbox but fail to commence operations due to ineligibility for licensing from other regulatory authorities due to the innovative nature of the solution. Second, Delays in obtaining licenses or approvals from other bodies could hinder the participant’s ability to meet Sandbox timelines or achieve testing objectives. To address this issue, it would be beneficial for the government to establish a National Regulatory Sandbox. Such a structure would allow innovators to seek coordinated approvals or licenses from all relevant regulatory bodies applicable to their solution. For instance, South Africa has successfully implemented a similar approach, streamlining multi-regulator approvals to foster innovation while ensuring compliance.
  3. Lack of an Appeals or Redress Mechanism: The Regulations are silent on whether BOT’s decisions to approve or reject applications are appealable. This lack of clarity leaves uncertainty of redress for Applicants or Participants aggrieved by BOT decisions.

While we have highlighted certain gaps in the Fintech Regulatory Sandbox Regulations, it is important to commend the Bank of Tanzania for swiftly operationalizing the Fintech Regulatory Sandbox. This development marks a significant milestone in supporting fintech innovation and addressing the long-standing challenges faced by innovators in navigating regulatory frameworks. Below, we provide a brief explanation of the benefits that regulatory sandboxes bring to the ecosystem:

  • Policy prototyping: Regulatory sandboxes offer a unique opportunity for regulators to experiment with and learn about new technologies. By allowing companies to test innovative products in a controlled environment, regulators can gain a deeper understanding of the potential risks and benefits associated with these technologies. This knowledge can then be used to make informed decisions about licensing and regulation of the innovation.
  • Promoting innovation: Regulatory Sandboxes reduces regulatory barriers encouraging companies to develop new and creative solutions since there is a more flexible environment for testing, reducing the time and cost of bringing products to market.
  • Protecting consumers: A key component of Regulatory Sandbox is consumer protection whereby innovations test products but with strict adherence to customer safeguards and consumer protection aimed at minimizing harm to consumers.

Conclusion

The Fintech Regulatory Sandbox represents a forward-thinking approach by the Bank of Tanzania. It not only supports the growth and integration of innovative financial solutions but also ensures that consumer protection and data security remain paramount. This balanced approach is likely to attract more fintech and collaborations, ultimately contributing to a more dynamic and inclusive financial ecosystem in Tanzania.

ABOUT US

Victory Attorneys is a leading law firm specializing in fintech and digital innovation. Our team excels in providing cutting-edge legal solutions tailored to the dynamic fintech and digital sector. We offer comprehensive services, including licensing, regulatory compliance, data protection, and financial technology advisory. Trust us to be your partner in navigating the complexities of fintech law.

 

Article written by

Fatma Haruna Songoro & Joseph Isaac Masangula

Victory Attorneys & Consultants,

IT Plaza Building, 1st Floor,

Ohio Street/Garden Avenue,

P. O. Box 72015, Dar es Salaam.

0752 255 494 or 0752 089685

info@vivtoryattorneys.co.tz

https://victoryattorneys.co.tz/

 

ABOUT US

Victory Attorneys & Consultants is a legal powerhouse dedicated to providing services of utmost quality to a diverse clientele across all sectors. The firm is at the forefront of legal innovation in Tanzania, being the first law firm to specialize in data protection, information privacy, cybersecurity and Artificial Intelligence (AI). We are prominent for our expertise in game-changing legislative advocacy, advisory services, compliance, impact assessments, and audits in the realm of data protection and cyber.