Skip to main content
Photo of a Law Library

The Sandbox Paradox: Balancing the Need to Facilitate Innovation with the Risk of Regulatory Privilege

Brian R. Knight and Trace E. Mitchell[1]*


In recent years, a new regulatory concept, commonly referred to as a “regulatory sandbox,” has gained a great deal of attention from regulators, regulatory scholars, and those engaged in the provision of financial services.[2] Firms within the sandbox usually receive some combination of reduced regulatory burdens, limitations on regulatory liability, increased communication with and advice from regulators, and expedited regulatory decisions.[3] Regulatory sandboxes are perhaps most prevalent in the field of financial technology, often referred to as “fintech.”[4]

The United Kingdom’s Financial Conduct Authority (FCA) launched the first regulatory sandbox centered around fintech in June of 2016 as part of its initiative, Project Innovate.[5] Shortly thereafter, Singapore and Australia implemented their own regulatory sandboxes aimed at promoting the creation and development of fintech within their jurisdictions.[6] Singapore has even proposed implementing new regulatory sandboxes focused on fast-tracking the approval process for experimental products as a way to complement its existing sandbox.[7] In 2018, Arizona became the first jurisdiction, or regulatory body, within the United States to create a financial regulatory sandbox.[8] Wyoming and Utah followed suit in 2019.[9] Also in 2019, the Consumer Financial Protection Bureau (CFPB)[10] finalized its own proposal for the first federal regulatory sandbox within the United States.[11] More and more, legislative and regulatory bodies are considering adopting regulatory sandboxes to gain a competitive advantage for their jurisdictions by encouraging entrepreneurialism and innovation within the financial sphere.[12]

Although regulatory sandboxes have generated considerable excitement among some policy scholars as a way to promote entrepreneurialism and innovation while keeping regulatory oversight in place, concerns about their soundness remain.[13] The most obvious concern is that sandboxes may pose a risk to consumers or reflect a “race to the bottom.”[14] Firms faced with reduced liability or regulatory burden may be more likely to make risky decisions that could ultimately harm consumers in the pursuit of profit.[15] This has been the primary focus of the criticism leveled against regulatory sandboxes.[16]

However, sandboxes pose another risk that has not received the same level of attention within the literature or public discourse. In addition to promoting innovation within the financial sphere, regulatory sandboxes have the potential to give certain economic privileges to specific firms without extending those same privileges to other, similarly situated firms.[17] Typically, regulators approve and allow only certain firms, or types of firms, to participate in their sandbox.[18] Because regulatory sandboxes, by design, reduce the regulatory costs that an admitted firm incurs, firms approved to participate in the sandbox may receive an advantage over their nonapproved competitors. This presents something of a paradox for policy makers: for a regulatory sandbox to be effective, it must offer participants some form of regulatory relief, but this relief may provide firms with government-granted economic privilege at the expense of their rivals. This concern is an aspect of regulatory sandboxes that, so far, has been underexamined.

Critical analyses of regulatory sandboxes are almost always based on a concern for consumer protection.[19] The goal of this Article is to look at the structure of regulatory sandboxes and examine both the possible sources of government-granted economic privilege and the potential costs associated with this privilege. This Article will then propose best practices that policy makers can use to reduce the potential for economic privilege and mitigate the costs associated with it. This Article does not argue that the risk of economic privilege outweighs the benefits created by regulatory sandboxes—the balance of that equation is context dependent, and a well-designed and well-executed sandbox could indeed provide significant benefits to consumers and competitors. What this Article does contend, however, is that the risk of economic privilege exists and should be thoroughly considered as regulatory sandboxes become more and more prevalent. Given that regulatory sandboxes are so new, there are limited data available to assess whether these risks are in fact occurring. This Article therefore seeks to flag potential dangers that policy makers, market participants, and researchers should consider.

Part I of this Article provides an overview of the current regulatory sandboxes that exist in various jurisdictions, both inside and outside the United States, and the aspects of their design that have an effect on the potential for government-granted privilege. Specifically, this Part focuses on the regulatory sandboxes already established in the United Kingdom, Australia,[20] Arizona, Utah, and by the CFPB. Part II analyzes the ways in which these regulatory sandboxes have the potential to create economic privilege for certain firms or industries. Part III discusses the potential costs associated with this economic privilege, including the notions of fairness and justice, the effect of economic privilege on market signals and competition, and the potential it creates for cronyism and favoritism. Part IV considers the ways in which regulators might mitigate these potential costs and the risk of cronyism. It also details best practices that regulators could follow to mitigate this risk. Finally, Part V concludes this Article.

What Are Regulatory Sandboxes and How Do They Work?

What Is a Regulatory Sandbox?

The term “regulatory sandbox” is a broad concept that encapsulates a wide variety of newly emerging regulatory regimes, primarily in the financial sector. Its precise definition varies, depending on the jurisdiction using it and the regulatory regime it has created.[21] For the purposes of this Article, a regulatory sandbox is a legal construct that allows firms to offer products or services for a limited time and to a limited number of customers in a modified regulatory environment so that those firms can test a product or service before it is offered more broadly.[22]

Regulatory sandboxes differ from general regulatory reform in that the relief a sandbox provides applies only to specific firms on a case-by-case basis and is in effect only for a limited time.[23] Additionally, sandboxes frequently include an expectation of increased transparency, in which the regulator is able to monitor or review the participating firms’ actions and progress as a way to learn; broad, rules-based changes do not generally provide such an opportunity.[24] Fast learning and course correction are two of the greater potential virtues of regulatory sandboxes, where adjustments by firms and regulators can be quickly implemented to enhance the public interest.

How Do Regulatory Sandboxes Work?

Although regulatory sandbox designs vary across jurisdictions, they frequently share certain common criteria.[25] Where there is differentiation among jurisdictions, that might be the result of differing policy preferences or differences in the administrative bodies’ authority. The relief a regulatory body offers is constrained by the relief it is empowered to offer. This Section discusses the common criteria and processes found in sandboxes, as well as their variations. It also analyzes a variety of different sandboxes, including the U.K. FCA’s Project Innovate sandbox; the Australian Securities Investments Commission’s (ASIC) Fintech Licensing Exemption, which operated from December of 2016 until September of 2020, and some material changes introduced in the ASIC’s new, enhanced regulatory sandbox; Arizona’s fintech sandbox, administered by the Arizona attorney general’s office; the Utah’s regulatory sandbox, administered by the Utah Department of Commerce; and the CFPB’s Compliance Assistance Sandbox (CAS).

Sandbox Purpose

Jurisdictions create regulatory sandboxes to further specific policy objectives.[26] While the purposes for these sandboxes are frequently similar across jurisdictions, especially with regard to the goal of encouraging innovation, differences may arise from the mandates placed on various regulators overseeing the sandboxes, as well as from the economic and policy goals of different jurisdictions.[27]


Unsurprisingly, encouraging entrepreneurialism and innovation is one of the most frequently cited goals for regulatory sandboxes.[28] For example, the FCA established its sandbox in part to support “disruptive innovation” in the financial services market by helping to reduce the regulatory uncertainty that the FCA believes inhibits the ability of innovative products to reach the market.[29] Likewise, the ASIC’s Innovation Hub project, which included its sandbox, sought to “foster innovation that could benefit consumers by helping Australian [Fintech] startups navigate [Australia’s] regulatory system.”[30] The ASIC’s new, enhanced regulatory sandbox does not include (or renounce) the old language, but it does explicitly require the product or service being tested to meet an innovation test.[31] Arizona similarly established its sandbox to “encourage businesses to develop innovative products and services in the financial services sector.”[32] By the same token, Utah created its sandbox to attract “innovative products and services to Utah’s financial services sector.”[33] Finally, the CFPB pursued its CAS in part to further its mission to “facilitate access and innovation” when it comes to financial services.[34]

Consumer Benefit and Protection

Of course, innovation is not an end in itself but rather a means to obtaining the benefits that emanate from innovation. One of those benefits is consumer protection either from harmful or substandard products or from the harms that result from a lack of access to financial services.[35] The FCA believes that its sandbox will benefit consumers by facilitating “an increased range of products and services, reduced costs, and improved access to financial services.”[36] Likewise, the ASIC’s original sandbox arose from the agency’s commitment to “encourage[e] and facilitate[e] innovation in financial services and credit where this is likely to produce good outcomes for investors and financial consumers.”[37] Arizona’s sandbox intends to help foster “innovation aimed at making financial products and services more available, affordable, and safe for consumers.”[38] Utah’s sandbox requires applicants to describe how their product will benefit consumers as a criterion for evaluation when firms seek entry to the sandbox.[39] For its part, the CFPB explicitly justifies its CAS on the grounds that innovation leads to several benefits for consumers,[40] including increased competition, lower prices, and access to more and better financial services.[41] In all these cases, innovation intends to bring about benefits and protections for consumers.

Regulatory Access and Knowledge Sharing

Another goal that drives the creation of sandboxes is their potential to allow them to gain access to innovations early in their life cycles, permitting regulators to gain a better understanding of the products and services they are tasked with regulating and giving them the ability to encourage “responsible” development.[42] This access is obtained through communication with and supervision of entrepreneurs that the sandbox structure usually provides.[43] The FCA notes that its sandbox will allow the FCA to work with firms and ensure that their products and services are built with appropriate consumer protections before they are released more broadly.[44] The ASIC operated its original sandbox somewhat differently from most other examples.[45] It requested that firms using the sandbox submit an after-action report, in part to help the ASIC identify “key risks or issues faced by testing businesses and consumers.”[46] The new ASIC sandbox retains this requirement.[47]

Industry Support and Economic Development

Sandboxes can be established with a variety of different goals. Many of these goals aim to benefit consumers, either directly through more and better products or indirectly through a more educated and effective regulator.[48] Other sandboxes are explicitly aimed at supporting the development of the fintech industry; specific types of firms within the fintech industry, such as nonbank money transmitters and online lenders; and economic development more generally.[49]

Directly supporting innovative firms by helping them accelerate their paths to market and attract investors serves as an explicit justification for the sandbox in some jurisdictions.[50] For example, the FCA’s sandbox is justified in part by the FCA’s desire to help provide innovative firms with a way to reach the market at a lower cost and receive improved access to investment.[51] On this latter point, the FCA notes that regulatory uncertainty can serve as a barrier to firms obtaining investment and can lead to lower valuations because investors have to consider regulatory risk that is difficult for them to assess.[52] When the sandbox is able to reduce this regulatory risk for a specific firm, it increases the firm’s value for a potential investor as the firm no longer has to bear the compliance costs associated with that risk.[53] It also views improving innovative firms’ speed to market and access to capital as goals of its sandbox.[54] The ASIC believes that a lack of access to capital can become a consumer protection issue to the extent that a lack of funds forces firms to (1) race to market without taking the steps necessary to confirm they are actually ready to operate their business in a safe and appropriate manner or (2) hire people with adequate experience and competence.[55]

Regulators also use sandboxes to make their jurisdiction more attractive to potential firms, with the expectation that the sandbox will result in more jobs and tax revenue within their jurisdiction.[56] The FCA views its sandbox as a tool to “ensure that [the United Kingdom] continue[s] to be an attractive market [for innovative financial firms] with an appropriate regulatory framework.”[57] Arizona established its sandbox in part to “encourage businesses to develop innovative products and services in the financial services sector [in Arizona]” and to “sen[d] a strong message that Arizona is leading the way in fostering innovation aimed at making financial products and services more available, affordable, and safe for consumers.”[58] Likewise, Utah cites a desire to attract “innovative products and services to Utah’s financial services sector.”[59]

This support for the industry has borne fruit in some cases.[60] For example, the FCA reported that “at least 40% of firms [that] completed testing in the first cohort received investment during or following their sandbox tests.”[61] Further, firms that went through the FCA sandbox appear to enjoy “a greater degree of legitimacy with customers and investors alike.”[62] However, participation in a sandbox is not a guarantee of success, as evidenced by the fact that a nontrivial number of firms that used sandboxes ended up failing or becoming insolvent.[63]

Entry Criteria and Process

Sandboxes are limited regulatory environments that apply only in certain circumstances to further the sandboxes’ stated purposes.[64] As such, entry is usually predicated on some sort of criteria that firms need to meet in order to qualify.[65] Unsurprisingly, these criteria are generally tied to the underlying purpose of the sandbox, but they can also reflect other concerns, such as the need to preserve scarce regulatory resources.[66] Entry criteria present an important inflection point for the risk that the sandbox will become a source of undue regulatory advantage because an excessively exclusory set of criteria makes it more likely that a sandbox will underserve its relevant market and extend its benefits too narrowly.

Firm Characteristics

Different jurisdictions place varying requirements on firms that seek to enter the sandbox.[67] The FCA sandbox, for example, is open exclusively to FCA-regulated firms, firms normally regulated by the FCA but lacking a license, and service providers of FCA-regulated firms.[68] The ASIC opens its new, enhanced regulatory sandbox to “[u]nlicensed Australian businesses[,]”
“[l]ocally registered unlicensed foreign companies[,]” and “licensed businesses testing new services they are currently [unauthorized] to provide[.]”[69]

Arizona requires that firms be subject to the Arizona attorney general’s jurisdiction and have a “physical or virtual” location accessible to the attorney general’s office where testing will be conducted and records will be maintained.[70] Utah, likewise, opens its sandbox to firms that are subject to Utah’s jurisdiction, that have a physical office within Utah where testing will be conducted and where a repository for books and records will be located, and that meet certain requirements with regard to its management team and ability to adequately conduct its tests.[71] The CFPB does not impose specific requirements on the types of firms that can apply for its sandbox, although they must presumably either be subject to the CFPB’s jurisdiction or intend to work with firms that are.[72]

Product Characteristics

Much like jurisdictions place requirements on firms for admission, most jurisdictions also require that products meet certain characteristics before they can be tested in their regulatory sandbox.[73] Limiting the type of products that can be tested may be a result of limits in the regulator’s jurisdiction, specific policy objectives (e.g., a desire to attract certain types of businesses or concerns about consumer protection), or efforts to conserve scarce regulatory resources.[74]

Many of the requirements placed on products are not controversial. For example, the FCA requires that a product seeking to enter the sandbox be “in scope[,]” which means that it is the type of product an FCA-regulated company would offer or purchase.[75] Likewise, the CFPB’s sandbox is broad as to what types of products can be tested.[76] Conversely, Arizona limits its sandbox to “money transmission, consumer lending, and investment advice[.]”[77] The FCA also requires that the product be in a position to be tested.[78]

All this makes sense. Accepting a product outside of the regulator’s jurisdiction would be a waste of the regulator’s resources and the firm’s time because the regulator would not be in a position to grant meaningful relief or gain useful knowledge from the experiment.

Other criteria can be more controversial and potentially problematic. For example, the FCA, Australia, Arizona, and Utah all require that a product be innovative to qualify for admission to the sandbox.[79] The definition of “innovative” varies by jurisdiction.[80] The FCA favors products that are new or significantly different from those currently offered and disfavors products that have numerous comparable competitors.[81] Arizona and Utah also look to whether there are comparable products widely available within the state.[82] Additionally, they both require the innovation to have either new technology or new use of an existing technology.[83] The ASIC’s original sandbox regime expected firms to be new and innovative and excluded firms whose products were insufficiently innovative or failed to use technology adequately.[84] As of September 2020, however, the ASIC has imposed a formal innovation test under which it will evaluate an applicant prior to accessing the regulatory sandbox to determine whether the applicant’s product or service is sufficiently innovative to qualify for sandbox relief.[85] Depending on how strictly the technology and uniqueness requirements are interpreted, there is a risk that innovative but non-first mover firms might be blocked from entry. Further, this requirement empowers regulators to determine just what counts as “innovative,” a decision they are likely ill equipped to evaluate.[86]

In contrast, the CFPB’s sandbox does not contain a technological component when it considers whether a product is eligible;[87] nor does it appear to require that the product be unique.[88] In fact, when a substantially similar product exists, the CFPB allows for an applicant to seek “compliance assistance based on public information” on the existing product.[89] Utah created a similar provision, whereby if a competitor is participating in the sandbox, this favors a firm’s admission.[90]

Many sandboxes also impose a limit on the number of consumers that can access the product.[91] For example, the FCA negotiates limits with a firm at the time of application,[92] and Arizona limits the number of customers, the size of individual transactions, and the size of aggregate transactions per customer that the firm may have while within the sandbox.[93] Meanwhile, Utah grants its regulator the discretion to set limits on the number of customers allowed to experiment with a specific sandboxed product and dollar limits the firm must adhere to.[94]

Entry Process

The FCA, Arizona, Utah, and the CFPB all require that firms submit an application to access their respective sandboxes.[95] As part of the application process, the firm is generally required to provide details about the firm; the product or service it seeks to test; the type of questions or regulatory uncertainty it seeks to address through the use of the sandbox; how the product can benefit consumers; what form of regulatory relief or clarity the firm seeks; and how the firm plans to protect consumers.[96]

Once a firm submits an application, the regulator evaluates it.[97] Regulators in Arizona, in Utah, and at the CFPB must review and decide on the application within a limited time frame (ninety days for Arizona and Utah, with the possibility of a mutually agreed upon extension[98] and sixty days for the CFPB, with the understanding that extenuating circumstances may increase the time required).[99] Regulators generally have broad discretion as to whether to grant an application,[100] although Utah at least requires the regulator to provide a written description of its reasons for rejection.[101]

Australia As a Limited Exception

The original ASIC sandbox differed considerably from the FCA, Arizona, Utah, and CFPB sandboxes in that it did not require the regulator to approve a firm before the firm could take advantage of the sandbox.[102] As Dirk Zetzsche and his coauthors argue, the ASIC “sandbox” may have served, at least in part, as more of a “class waiver” for a broad swath of fintech firms that met certain criteria, rather than as a traditional sandbox.[103] In fact, the ASIC’s new, enhanced regulatory sandbox explicitly states that the sandbox acts as a “class waiver from licensing for certain financial services and credit activities.”[104] In addition to programs that provide firm-specific relief, the ASIC’s Fintech Licensing Exemption formerly allowed qualifying firms to test certain products in the market for a limited period of time without obtaining a license that would otherwise be required.[105]

Although the ASIC’s Fintech Licensing Exemption lacked a front-loaded application process, a firm was still required to notify the ASIC if it intended to take advantage of the exemption and to provide information showing it met the necessary qualifications.[106] This requirement included information on the firm’s business model, management, insurance coverage, and membership in a dispute resolution regime.[107] Further, despite the ASIC’s Fintech Licensing Exemption lacking the firm-by-firm discretion of other sandboxes, it had more proscriptive requirements that firms had to satisfy, including limiting the number of customers and amount of value transacted, requiring the firm to have adequate resources compensate customers in the event of mishap, and mandating the firm to make certain disclosures to customers.[108]

As of September 2020, the ASIC modified the entry requirements for its enhanced regulatory sandbox.[109] While the new ASIC sandbox is still primarily a notification system, it now requires firms seeking access to submit a prescribed notification form to the ASIC and have their product or service satisfy certain eligibility requirements.[110] This includes the firm leadership’s character and fitness as well as the net public benefit and innovative nature of a product or service, which is determined by two formal tests.[111] While these requirements are similar to the ASIC’s previous requirements, the new regime allows the ASIC staff to block a firm from taking advantage of the sandbox if the firm fails to meet the entry criteria.[112] The ASIC staff has thirty days to notify the firm.[113] If it fails to notify within 30 days, the firm can begin to take advantage of the sandbox, though the ASIC staff can remove the firm at any time for failing to meet criteria.[114]

Relief Offered

The type of relief a sandbox will offer depends on the policy goals that led to its establishment as well as the powers held by the administering regulator.[115] For example, the FCA operates with broad authority as both a licensing and conduct regulator with a competition mandate.[116] Therefore, the FCA can offer multiple forms of relief, ranging from restricted authorization (a sort of learner’s permit) to no-action letters, rule waivers and modifications, and individual guidance.[117] The former ASIC Fintech Licensing Exemption served to remove the need—at least temporarily—for a license to allow firms to test their products or services.[118] Additionally, the ASIC offered other forms of relief, such as a waiver of certain rules and regulations.[119] The ASIC’s new, enhanced regulatory sandbox appears to contemplate providing similar relief.[120] Conversely, both Arizona and Utah explicitly state they will not provide firms with legal advice.[121] Rather, relevant regulators in Arizona and Utah provide firms with a limited license to test their products or services.[122]

Although the FCA, Arizona, Utah, and the ASIC are all licensing bodies and can therefore offer limited-access licenses or temporarily waive the licensing requirement, the CFPB does not license firms.[123] As such, it cannot provide a limited-purpose license.[124] Instead, the CFPB provides firms with a Compliance Assistance Statement of Terms (CAST) that extends CFPB approval for a particular offering, provided it meets the requirements stipulated in the CAST.[125] Approval means that the CFPB believes the product or service is in compliance with the law and that the firm will have a safe harbor from liability so long as it remains in compliance with the requirements set forth in the CAST.[126]

An additional limitation to the scope of relief that can be offered exists when there are regulators with overlapping jurisdictions.[127] For example, a firm obtaining relief from the Arizona or Utah sandbox will still need to worry about federal regulators, including the CFPB, because Arizona and Utah cannot bind the federal government.[128] Although the CFPB has a process for entering into agreements with other jurisdictions and plans to coordinate with other regulatory bodies for the purposes of its CAS,[129] there is no guarantee it will.[130]

Potential Costs of Regulatory Sandboxes

Regulatory sandboxes have been adopted to obtain certain potential gains, but they also pose risks and costs. Although some cost is inevitable because administering a sandbox requires scarce regulatory resources, other potential risks, such as risks to consumer protection, are more speculative or susceptible to mitigation.[131] This Section briefly discusses some of the potential costs of regulatory sandboxes.

Taxing Scarce Regulatory Resources

Regulatory sandboxes are generally “high touch” affairs in which the regulator and participating firms engage in significant interaction.[132] This interaction requires adequate staffing and resources, with sandboxes typically taking six months and significant staff time to develop.[133] Sandbox staff can also become overwhelmed by applications and requests when there is strong demand from the market.[134] Concerns have been raised that regulatory sandboxes will be inordinately resource intensive relative to their value and that they may cause regulators to divert resources that could be better deployed elsewhere, such as on more general innovation hubs.[135]

Consumer Protection

Concerns also have been raised that regulatory sandboxes will become “consumer protection desert[s,]”[136] where consumers will lose the protection of regulation and be left vulnerable.[137] Regulators may also misjudge the success of an experiment and allow an unduly risky product into the market.[138] Further, there is concern that sandboxes may lead to a race to the bottom where, in an effort to become more attractive to innovative firms, jurisdictions progressively expand the scope of the sandbox and reduce the amount of regulations that apply within.[139] How much of a risk this actually is has yet to be determined. Many sandbox regimes, including those discussed earlier, explicitly include consumer protection concerns in their requirements for entry.[140] For example, Australia requires that firms carry adequate insurance to compensate consumers who are harmed,[141] and Arizona and Utah require firms to detail how they will protect consumers in the event of a failure.[142] How effective these requirements will be depends on the quality of the regulators’ execution.

The Risk of Economic Privilege in Regulatory Sandboxes

As described earlier, leading regulatory sandboxes seek to make it easier for firms to test new products and services, with the goal of encouraging competition, innovation, and access within the financial sector.[143] Regulatory sandboxes work toward this goal by granting specific firms authorization to test new products and services without having to go through the traditional licensing process by either waiving certain legal and regulatory requirements or limiting the firms’ potential legal liability.[144] Although promoting entrepreneurialism and innovation in a sector burdened by heavily restrictive regulatory requirements is in the public interest, it also presents a potential public problem. What happens to firms that are not admitted into the sandbox?

In a competitive market, a benefit granted to one firm may be a blow to that firm’s competitors. Firms typically compete with each other for market power, so a benefit that makes it easier or cheaper for one firm to obtain a larger share of the market is ultimately a detriment to its competitors. Therefore, any time a regulator helps a specific firm, it potentially harms other firms within the industry that did not receive that same benefit.[145]

This is not just a problem for the admitted firm’s competitors; it also harms overall market competition, which, in turn, can reduce consumer benefits. Additionally, when the government allows only one firm to experiment with a particular product or service, it gives that firm—at least for a limited time—monopolistic control over that product or service, which can lead to worse outcomes for consumers.[146] Herein lies the paradox: To make a sandbox worthwhile, it must provide some benefits to the firms operating within it. However, those benefits may confer a competitive advantage to the sandbox firms over their competitors, which could be detrimental to market competition in the sector and, ultimately, to consumers.

The exact nature of the potential advantage will depend on the structure of the sandbox and the advantages it offers. For example, making it easier for Firm A to obtain a limited-use license for testing a new product or service could harm incumbent Firm B, which was not able to obtain the limited-use license. Firm B would then be compelled to spend the time, money, and effort necessary to obtain a full license. All the while, Firm A would already be establishing a customer base and gaining what is commonly referred to as the “first-mover advantage.”[147] This, in turn, would redirect Firm B’s investment resources that could have been spent on research and development or marketing. Although at a fixed point in time, Firm B may seem to have the advantage as an incumbent, Firm A’s smoother entry point may lead to a long-term advantage.

To the extent sandbox entry is limited on the basis of the innovative nature or novelty of a product or service—the regulatory sandboxes established by Australia and Arizona, as examples—a new firm that competes in a space but offers a more traditional product may not be able to get a testing license. This would give a marked advantage to firms that seek to offer new, innovative products and services over firms that offer more traditional products and services.

Making admittance into a sandbox contingent on the novel or innovative nature of a product or service may be justified on the grounds that more traditional firms lack the regulatory uncertainty associated with novel and innovative products or services. It also may make sense because the stated purpose of many sandboxes is to encourage entrepreneurialism and innovation. However, there are countervailing concerns that may outweigh these justifications.

First, there may be sources of regulatory uncertainty that do not arise from developments in technology or from the novel nature of a product or service. In those cases, a firm might benefit from a trial period but still not meet the entry criteria necessary to gain admittance into a specific sandbox. Additionally, because a firm admitted into a sandbox can bring its product or service to market more quickly than its non-admitted rivals, a sandbox may give admitted firms a head start over their more traditional competitors. For example, admitted firms could start working on brand creation and developing customer loyalty by successfully serving customers during the trial, while their non-admitted counterparts are still navigating the standard regulatory process. The longer a firm is allowed to exist within the sandbox’s advantageous regulatory environment, the more pronounced this benefit will likely be.

In a similar vein, the exposure a firm can gain within the sandbox may make it easier for that firm to find and obtain investment compared with its non-sandbox rivals. As Jemima Kelly points out in the Financial Times Alphaville, there is a risk that participation in a sandbox becomes a form of government-provided public relations for firms lucky enough to gain admittance.[148] If investors see that a firm has participated in a sandbox, that participation can signal a number of things. First, it can signal that the firm is engaging in entrepreneurial and innovative activities to stay ahead of the competition. This is especially true if regulators restrict sandbox entry to novel products and services. Second, it can signal that regulators have reviewed the firm and have found it to be stable and capable of expansion. Likewise, it can signal that regulators view the firm favorably or, as Hilary Allen insists, it can “lend[] [the firm] a certain regulatory imprimatur,”[149] which can affect an investor’s view of that firm’s regulatory liability.

There is also a risk that the regulators behind the sandbox become government-provided legal or consulting advisers to the accepted firms. “Informal steers” and other private guidance could allow firms in the sandbox to obtain a great benefit from the regulator, while a non-sandbox firm would need to hire a law firm to receive the same guidance. Even then, the non-sandbox firm would lack the certainty provided by getting the answer straight from the regulator’s mouth. This is not to say that it is bad for regulators to provide guidance and clarity; in fact, it is generally a good thing. But if the benefit falls unequally onto some participants, it could offer an advantage to those firms at the expense of others.

Risks of unequal treatment with regard to enforcement also exist to the extent that the sandbox limits regulatory exposure. For example, the CFPB’s sandbox provides mechanisms for firms to eliminate the risk of liability for certain activities if the CFPB grants approval relief.[150] Although this is not necessarily objectionable if the firm’s conduct is consistent with the law and should therefore not be subject to liability, the risk is that because firms must obtain the relief from the CFPB directly and at the CFPB’s discretion, firms may face different liability risks for comparable behavior depending on whether they went through the sandbox process. This can be a significant advantage to firms within the sandbox because litigation is a costly and time-consuming endeavor that can hinder a firm’s ability to compete effectively, even if the firm ultimately prevails.

None of this is to say that regulatory sandboxes are inherently bad or undesirable. To the extent they facilitate a better understanding of regulation, more entry, greater competition, and increased innovation, regulatory sandboxes can benefit consumers—and that is valuable. However, there are also potential risks that can detrimentally affect competitors and the market as a whole.

The Cost of Economic Privilege

As previously discussed, regulatory sandboxes have the potential to create a form of government-granted economic privilege not enjoyed by outside firms.[151] This is a problem for several reasons. First, it can be considered unjust for the government to empower certain firms at the expense of others. When the government engages in the business of picking winners and losers, it goes against the notions of the rule of law, equal rights, and the generality principle.[152]

Additionally, firm-specific economic privileges distort the market and undermine its function as a knowledge process. When the government decides that one firm, or even one industry, should retain some form of advantage over another, it gives that firm or industry market power it would not otherwise have. This can make comparatively efficient firms perform worse in the market than they otherwise would have, while making comparatively inefficient firms perform better. This result means that firms could succeed or fail even if consumer preferences would have led to the opposite outcome. Because individuals rely on these types of market signals to make decisions, government-granted economic privilege could lead to misallocated resources as well as forgone profits opportunities for firms and individuals.

Finally, allowing the government to grant privileges to some firms at the expense of others opens the door for cronyism and favoritism in the regulatory process. As the political satirist P.J. O’Rourke once quipped: “When buying and selling are controlled by legislation, the first things to be bought and sold are legislators.”[153] Again, all this is not to say that the costs associated with economic privilege outweigh the benefits that come from the increased entrepreneurialism and innovation spurred by regulatory sandboxes. However, these costs do exist. They should be acknowledged and taken into account when analyzing regulatory sandboxes, and policy makers should work to find methods and best practices to mitigate them when feasible.

Government-Granted Economic Privilege Is Unjust

One of the main issues with government-granted economic privilege is that it goes against basic notions of fairness and justice.[154] Why should a bureaucrat be in charge of deciding which firms or individuals succeed within the market? Because of an individual regulator’s decision, a firm that might otherwise be more successful than its competitors may very well perform poorly. This could lead to some firms succeeding that would have otherwise failed and some firms failing that would have otherwise succeeded. When regulators have broad discretion over whether to grant a particular advantage to a firm, that discretion undermines underlying the notions of the rule of law and the generality principle.[155]

To be sure that resources are allocated efficiently, individuals and firms should have as much certainty as possible when making decisions on how they think they will be regulated. Because of the basic notion of fairness, similarly situated firms or individuals should not be regulated in highly disparate ways that heavily favor some firms over others. When regulators are given greater discretion, individuals’ certainty surrounding how they will be regulated decreases, and market participants may be left to the will of a bureaucrat. In this situation, similarly situated firms could face remarkably different regulatory requirements and legal liability. For many individuals, this disparate treatment may feel intuitively unfair.

Defenders of certain forms of government-granted economic privilege will likely argue there are good reasons for regulators to support or hinder certain firms from time to time. The government could be working to address other issues. It could be working to achieve other goals. Giving certain firms advantages over others could simply be the inevitable result of an otherwise completely justifiable government policy. For example, after the 2008 financial crisis, certain banking firms received substantial bailouts while others did not.[156] However, these actions were justified as a way to stabilize the U.S. economy.[157] As former U.S. Secretary of the Treasury Timothy Geithner said, “It wasn’t fair. But it was necessary.”[158] Although that sentiment may be true and although there may be justifiable reasons for allowing the government to grant specific firms privileges over their competitors in certain situations, it does not change the fact that this is unjust. It may be a necessary evil, but it is still an evil that should be avoided whenever possible.

Government-Granted Economic Privilege Distorts the Market

Another cost associated with government-granted economic privilege is that it distorts the market’s function as a knowledge process.[159] When consumers decide whether to purchase a particular good or service, they are signaling to other market participants they have a demand for this good or service.[160] This process provides information to other market participants on how likely it is that the good or service is of high quality or, at the very least, how popular it is among other consumers.[161] In an undistorted market, firms can only succeed if they are able to establish consumer demand for their product, which in turn brings in enough revenue to outweigh the cost of doing business.[162] When the government begins granting economic privileges, it muddles this signaling function and makes it difficult for a consumer or investor to determine whether a firm’s success has been earned in the market or granted by a government body.

A firm could be doing relatively well, or at least could be perceived as doing relatively well, even though it would be doing far worse if not for its government-granted advantage over rivals. This advantage could allow the firm to bring in more consumers than it naturally would have because of the reputational boost that comes from its unearned market advantage. As a result, the firm could drive higher-quality, lower-cost, or more innovative competitors out of the market, and those competitors might have created more benefits for consumers and the market in general than their government-empowered counterpart. Additionally, this advantage could allow a firm to attract new investors that would not have otherwise invested in the firm. Investors could see the short-term economic gain enjoyed by the firm as a result of its unearned economic privilege and choose to invest in that firm over a competitor that may better in the long run. Investors could also view this government-granted privilege as the government endorsing certain firms and not others. Government endorsement is valuable because it signals that a regulatory body has likely reviewed a firm to some extent. It could also signal the firm’s access to government resources and powers that its competitors lack. This would provide a firm’s own type of signaling function that could lead investors to allocate their resources inefficiently.

All this may have a compounding effect in which each benefit that a firm gains as a result of government-granted economic privilege provides the firm with more resources or market power, consequently allowing the firm to use those resources to obtain future benefits. It becomes a cycle of mutual reinforcement. Additionally, as firms gain more resources, market power, and political influence through government-granted economic privilege, they are often able to obtain even more unearned economic privilege through the political process.

Government-Granted Economic Privilege Could Lead to Cronyism

Allowing regulators to grant certain firms economic privilege without extending that privilege to other firms can create a supply of and demand for economic privilege. This supply of and demand for government-granted economic privilege could easily lead to rent-seeking or rent-extracting behavior.[163] As stated earlier, if a firm is able to obtain a government-granted economic privilege, this gives the firm an advantage over firms that were not able to obtain the privilege. Because this advantage has the potential to provide admitted firms with more market power than they would naturally have had, the privilege becomes more valuable when it is granted to fewer firms. A firm that has obtained the privilege will want the number of other firms that are also granted this privilege to be as small as possible. If firms are able to obtain the necessary political power, there is good reason to believe they will attempt to limit regulatory sandbox entry to themselves and, potentially, the few firms they do business with and benefit from. Regulators, in turn, could limit access as a way to maximize their ability to extract rent from firms seeking entry.[164]

In 1982, George Stigler won the Nobel Prize in economic sciences for his work on how regulation is often “captured” by interest groups, industries, or powerful firms and individuals.[165] He argued that the standard “protection of the public” theory of regulation did not sufficiently explain how the regulatory process actually functioned.[166] Instead, he posited that “as a rule, regulation is acquired by the industry and is designed and operated primarily for its benefit.”[167] He went on to say that “every industry or occupation that has enough political power to utilize the state will seek to control entry.”[168] Further, his theory asserted that even if an industry is not able to obtain regulation that fully prohibits new entry into the industry, “the regulatory policy will often be so fashioned as to retard the rate of growth of new firms.”[169] This is because restricting competition and erecting barriers to entry within an industry help incumbent firms gain a larger share of the market and greater market power than they would naturally have.[170] Competing with three other firms is much easier than competing with hundreds. If firms are able to restrict entry, it will be in their interest to do so.

William A. Jordan further developed this idea in his “producer-protection” theory of regulation.[171] He argued that, regardless of whether it is the motivating factor, “the actual effect of regulation is to increase or sustain the economic power of an industry.”[172] Similar to Stigler, Jordan contrasted this with what he called the “consumer-protection” theory of regulation.[173] In Jordan’s view, if the “producer-protection” theory is correct, it is likely that regulation will have the effect of doing “such things as increasing prices, promoting price discrimination, reducing or preventing the entry of rival firms, and increasing industry profits.”[174] Other scholars have also built upon this work and supported similar theories that integrate the industry-benefiting justifications and effects of regulation.[175]

As this Article has established, regulatory sandboxes have the potential to create government-granted economic privilege.[176] If regulators are given broad discretion to choose which firms are allowed to participate in the sandbox, they will be able to limit entry as they see fit. Firms that are already admitted to the sandbox will have a strong desire to see regulators restrict sandbox entry to the greatest extent possible. Because there is (1) a potential supply of regulation—arising from regulators’ discretion on whether to admit a firm into the sandbox—and (2) a demand for the regulation—by firms that would benefit if entry into the sandbox were more heavily restricted—there is the potential for regulatory capture. If firms are able to use their political power to have regulators restrict entry into the sandbox, they have a strong incentive to do so. This is not to say that firms will necessarily work toward this end, or that regulators will be susceptible to it if they do, but only that this potential exists and should be considered when designing the procedures underlying a regulatory sandbox.

How to Mitigate the Risk of Sandbox Privilege

Acknowledging there is a risk that regulatory sandboxes may create certain types of harm does not mean that sandboxes should be abandoned. Instead, when creating sandboxes, policy makers should design them in a way that will minimize the risk of harm while balancing the benefits to innovation and entry. And to be clear, the existing sandbox regimes are not blind to these concerns or tradeoffs.[177] This Section looks at existing regimes’ proposals to identify ways to mitigate risk while allowing sandboxes to function. Generally, these solutions seek to address two core potential sources of trouble: lack of access and differential treatment.

Lack of Access

In a world of few regulatory resources, there is a risk that access to a sandbox will be limited. The more “high touch” the sandbox experience is, the more acute this risk is; the more resources a regulator needs to spend on any given firm, the fewer firms the regulator can service.[178] The resulting lack of access for some firms may place them at an unfair disadvantage, but there are ways to mitigate this risk to some degree.

The first and most obvious option is simply to grant liberal access by lowering or eliminating substantive and procedural restrictions. For example, sandboxes, such as Arizona’s, that use novelty as a criterion[179] risk excluding a marginal firm that is new enough to raise regulatory certainty questions with regard to its specific business model while at the same time, not being new or unique enough to qualify as “innovative” in the eye of the regulator. Adopting an intentionally wide definition of innovation could help move more firms into eligibility. The second option is to consider explicitly whether comparable firms have previously received entry into the sandbox as a factor weighing in favor of entry—this helps avoid arbitrary exclusion.[180]

The third option, seen in the ASIC’s original Fintech Licensing Exemption, is to have a set of objective criteria related to consumer protection and allow any firm that meets those criteria to take advantage of the exemption without the regulator exercising discretion.[181] This option is not without its own risk that the criteria will be set unnecessarily high or idiosyncratically, unduly benefiting some firms over others. But it does lower the risk of arbitrary decision making by the regulator at the admission stage.

Additionally, providing rejected firms with the ability to appeal the regulator’s decision to reject the firm, or at least requiring regulators to explain why a firm was rejected (as seen in Utah)[182] and allowing the firm to reapply after correcting the defect, may help avoid the risk that admission decisions become arbitrary or opaque.

The fourth option, seen in the CFPB sandbox, is allowing industry groups and other third parties to help facilitate sandbox entry on behalf of their members.[183] This innovation may help expand access and mitigate competitive risk by allowing many market participants to benefit from the sandbox at the same time. However, there are also risks to this approach. First, industry groups rarely cover the entire competitive landscape,[184] so although allowing them to apply will help limit the risk of unfair competitive advantage, it may not eliminate this risk and might instead just shift the advantage to the industry-group level instead of the firm-specific level. Second, as the CFPB notes, decisions on whether to grant relief are specific to facts and circumstances,[185] so it is possible that industry groups may not be able to provide sufficient specificity to lead to meaningful relief.

Utah and the CFPB also help firms obtain access to the sandbox if they have competitors that have used the sandbox previously.[186] Although not a guarantee of admission, these provisions could help mitigate against the risk that access to the sandbox becomes a unique advantage for only one market participant.

In addition to expanding access to participation, regulators and policy makers should make certain that the duration of the sandbox is no longer than is necessary to achieve the sandbox’s legitimate ends. Allowing a firm to simply “hang out” in the sandbox’s more favorable regulatory environment would exacerbate the risks of regulatory privilege. This is not to say that sandbox terms must be objectively short, but they should be tailored to the specific needs of the regulatory question at hand.

Likewise, regulators should seek to expand access to the learning that occurs in the sandbox so that, to the extent regulators find themselves acting as de facto consultants or legal counsel, they do so for the public and market and not just for a specific firm. Although some regulatory questions will be tightly wrapped up in the details of a particular business practice such that they are only valuable to that specific firm, there are likely to be many others in which the factors, analyses, and determinations created by regulators will be valuable more broadly. To the greatest extent possible, regulators should promptly report their findings to the general public without revealing trade secrets or proprietary information.

Although some sandboxes include periodic reports, such as the FCA’s lessons learned report,[187] so far these reports do not seem to contain a detailed analysis of the law and regulation.[188] A better analogy may be no-action letters from agencies like the Securities and Exchange Commission that frequently contain legal and factual analysis.[189] Although these no-action letters technically apply only to the firms that receive them, they are frequently used to inform other firms’ expectations.[190]

Differential Treatment

Another risk is that comparable behavior will be treated differently depending on whether the firm is (or was) in the sandbox. This risk could turn sandbox participation from being voluntary to de facto mandatory. Such a situation would be highly undesirable because it would in effect grant regulators a veto power over who could participate in a market. It would also impose new regulatory burdens and, given the potential resource limitations discussed earlier, risk unfairly constricting the entry of new firms.

Although participation in the sandbox may well be evidence of good faith on the part of a participating firm, failure to participate is not necessarily evidence of malevolence. Some sandboxes, like the FCA, explicitly contemplate relaxing certain legal and regulatory requirements.[191] In the FCA’s case, this is consistent with the relevant authorities the FCA enjoys, so it cannot be considered outside of or inconsistent with the law, and the firms that obtain the exemptions or approvals will be entitled to them.[192] However, because firms are required to apply for and receive exemption or approval from the FCA (rather than just being able to conform to an existing safe harbor),[193] there is a risk that two firms engaged in the same behavior would face different liabilities. Although this can arguably be justified as compensation for cooperating with regulators and providing them with information, this justification is not entirely satisfying.

Punishment can be justified as being morally just, creating deterrence, or providing compensation to a harmed party.[194] In the case of a firm operating within a sandbox in good faith, neither punitive nor deterrence justifications apply because the firm is not seeking to violate the law, and no one wants to discourage firms from pursuing innovation with the regulator in a transparent way. However, a firm that operates in good faith outside of the sandbox also does not seem to deserve punishment because it is operating in good faith, just as the sandbox firm is. Moreover, because sandboxes should be voluntary, it is unclear whether firms should be deterred from avoiding operation in the sandbox. This leaves limited justification for lower regulatory barriers to and, most especially, lighter punishment for sandbox firms.

In addition to the risk of de jure disparate treatment between sandbox and non-sandbox firms, there is also the risk that a de facto enforcement culture may develop an agency that views sandbox firms as “good” and non-sandbox firms as “bad.” Firms that go through the extra steps to ingratiate themselves to the regulator and demonstrate tangible good faith may develop a relationship with the regulator that non-sandbox firms do not enjoy—a circumstance which might lead to implicit bias when it comes time for enforcement.

Another risk is that firms using a sandbox will be seen as de facto endorsed by the regulator. Many existing sandboxes require firms to clearly state that their participation in the sandbox is not an endorsement on the part of the regulator.[195] Such clear disclaimers should be broadly adopted to prevent consumers from conflating experimentation with recommendation.

To address these concerns, the regulator should first acknowledge this risk and create both formal guidance and informal norms for enforcement staff to recognize that, although participation in the sandbox can be taken as evidence of good faith, a lack of participation is not necessarily evidence of bad faith. Second, enforcement staff should clearly understand what justifies a level of punishment, allowing non-sandbox firms that are comparably acting in good faith and that stand willing to make harmed customers whole to be treated similarly to sandbox firms.


Sandboxes are exciting developments in the field of regulation. Driven by a need to keep up with quickly changing technology and a desire to facilitate innovation and competition, several leading jurisdictions have adopted sandboxes, with others on the way.[196] However, by their very nature, sandboxes pose a risk to market competition by conferring advantages to some firms over others. Given how new sandboxes are, it is not surprising that the literature on this risk is largely underdeveloped.

This Article identifies possible risks and highlights potentially fruitful areas of future research and scrutiny by academics, policy makers, and others interested in creating regulatory environments that facilitate innovation and competition to the benefit of consumers. As more sandboxes are established and as more firms gain or are denied entry, it will become easier to assess empirically the extent to which sandboxes serve to benefit (1) the market as a whole and (2) just those firms fortunate enough to participate. Although the legitimate benefits to both the market and consumers that are created by well-designed and well-implemented regulatory sandboxes may supersede the potential risk for economic privilege, that risk should not be ignored and should instead be examined when analyzing new or existing regulatory sandboxes.

  1. * The authors would like to thank the C. Boyden Gray Center for the Study of the Administrative State and the participants of the Technology, Innovation, and Regulation symposium; Dr. Christine Cumming; Dr. Walter Valdivia; Dr. Tyler Cowen; and two anonymous peer reviewers for their helpful comments and feedback. The authors would also like to thank Vera Soliman, William Gu, and Joe Brunk for their very able research assistance and Peter Rivera and Kayla Lahti for their administrative assistance. In addition, the authors would like to thank Vera Soliman and Christina Behe for their editing assistance. All errors are the fault of the authors.

  2. . Ross P. Buckley et al., Building FinTech Ecosystems: Regulatory Sandboxes, Innovation Hubs and Beyond, 61 Wash. U. J.L. & Pol’y 55, 56 (2019). Although regulatory sandboxes can vary significantly in their design, these experimental regimes can generally be defined as a decreed state of exception within a regulatory regime that allows firms to offer products or services for a limited time to and a limited number of customers in a modified regulatory environment for the purpose of allowing the firm to test a product or service before it is offered more broadly. Regulatory Sandbox, Fin. Conduct Auth. (Nov. 5, 2015), [] [hereinafter Fin. Conduct Auth., Regulatory Sandbox].

  3. . U.N. Sec’y-Gen.’s Special Advoc. for Inclusive Fin. for Dev FinTech Working Group & Cambridge Centre for Alt. Fin., Early Lessons on Regulatory Innovations to Enable Inclusive Fintech: Innovation Offices, Regulatory Sandboxes, and RegTech 27, 32 (2019) [hereinafter UNSGSA].

  4. . Id. at 4, 28.

  5. . See Fin. Conduct Auth., Regulatory Sandbox, supra note 1.

  6. . See Overview of Regulatory Sandbox, Monetary Auth. of Sing.,
    latory-Sandbox.aspx []; FinTech Regulatory Sandbox, Austl. Sec. & Invs. Comm’n, [].

  7. . See MAS Proposes New Regulatory Sandbox with Fast-Track Approvals, Monetary Auth. of Sing. (Nov. 14, 2018), [].

  8. . Press Release, Ariz. Att’y Gen., Arizona Becomes First State in U.S. to Offer Fintech Regulatory Sandbox (Mar. 22, 2018), [].

  9. . Anthony C. Kaye, Wyoming Creates Fintech Sandbox, Nat’l L. Rev. (June 6, 2019), []; Allen S. Li, Utah Passes the Third State-Run “Sandbox” for Innovative Financial Products and Services, Nat’l L. Rev. (Aug. 1, 2019), [].

  10. . Debate exists within the Bureau over whether it is called the Consumer Financial Protection Bureau (CFPB) or the Bureau of Consumer Financial Protection (BCFP), but both names refer to the same entity. This Article will refer to the Bureau as the CFPB.

  11. . CFPB Issues Policies to Facilitate Compliance and Promote Innovation, Consumer Fin. Prot. Bureau (Sept. 10, 2019), []; Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. 48,246, 48,247 (Sept. 13, 2019) (to be codified at 12 C.F.R.).

  12. . See, e.g., Deloitte Ctr. for Regul. Strategy EMEA, A Journey Through the FCA Regulatory Sandbox 1 (2018) [hereinafter Deloitte]; Utah Code Ann. § 13-55-104(2) (West, Westlaw through 2020 6th Spec. Sess.); Ariz. Rev. Stat. Ann. § 41-5602 (Westlaw through 2d Reg. Sess. of 54th Leg. 2020).

  13. . Linda Jun et al., Comment Letter on No-Action Letters and Product Sandbox (Feb. 11, 2019),
    (last visited Oct. 30, 2020).

  14. . Hilary J. Allen, Regulatory Sandboxes, 87 Geo. Wash. L. Rev. 579, 622 (2019). One public comment filed by a collection of consumer advocacy groups referred to the CFPB’s “protections.” Jun et al., supra note 12, at 2.

  15. . Jun et al., supra note 12, at 1.

  16. . See, e.g., id.

  17. . Similar issues have been identified regarding the somewhat analogous “special economic zones” that have been created within the past several decades. See, e.g., Lotta Moberg, The Political Economy of Special Economic Zones, 11 J. Institutional Econ. 167, 167 (2015).

  18. . See Dirk A. Zetzsche et al., Regulating a Revolution: From Regulatory Sandboxes to Smart Regulation, 23 Fordham J. Corp. & Fin. L. 31, 45–46 (2017).

  19. . See, e.g., Kaye, supra note 8; Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. 48,246, 48,251 (Sept. 13, 2019) (to be codified at 12 C.F.R.); Jun et al., supra note 12, at 1.

  20. . As of September 1, 2020, the Australian Securities and Investment Commission (ASIC) introduced significant modifications to its regulatory sandbox program. This Article primarily describes the sandbox as it existed prior to these changes because it contained several unique elements compared to most other regulatory sandboxes. Info 248 Enhanced Regulatory Sandbox, Austl. Sec. & Invs. Comm’n, (last visited Oct. 30, 2020) [hereinafter ASIC, Info 248]. While many of the changes made by the ASIC merely expand or modify existing requirements, this Article includes a discussion of some of the more material changes to the ASIC sandbox implemented in September of 2020. See infra notes 29, 45, 83, 102, 107, 118 and accompanying text.

  21. . UNSGSA, supra note 2, at 19, 26.

  22. . Id. at 27.

  23. . Zetzsche et al., supra note 17, at 75.

  24. . See UNSGSA, supra note 2, at 15.

  25. . See id. at 21.

  26. . See id. at 22, 28.

  27. . See id. at 28.

  28. . Id. at 22, 58.

  29. . Christopher Woolard, Fin. Conduct Auth. Dir. of Strategy and Competition, Regulating for Innovation, Speech Delivered at the Financial Conduct Authority’s Event on UK FinTech (Feb. 22, 2016), in Fin. Conduct Auth. (Feb. 23, 2016), [].

  30. . Crowd-Sourced Funding, Austl. Sec. & Invs. Comm’n, (last visited Oct. 30, 2020).

  31. . See ASIC, Info 248, supra note 19.

  32. . Frequently Asked Questions: Why Was the Sandbox Created?, Ariz. Att’y Gen., [] [Ariz. Att’y Gen., FAQs].

  33. . Regulatory Sandbox: Frequently Asked Questions, State of Utah Dep’t of Com., [] [hereinafter State of Utah Dep’t of Com., FAQs].

  34. . See Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. 48,246, 48,255 (Sept. 13, 2019) (to be codified at 12 C.F.R.).

  35. . Id. at 48,251.

  36. . Fin. Conduct Auth., Regulatory Sandbox 5 (2015) [hereinafter Fin. Conduct Auth., Regulatory Sandbox].

  37. . Austl. Sec. & Invs. Comm’n, Regulatory Guide 257.1, Testing Fintech Products and Services Without Holding an AFS or Credit License (2017) (emphasis added) [hereinafter ASIC, Regulatory Guide].

  38. . See Ariz. Att’y Gen., FAQs, supra note 31 (emphasis added).

  39. . Utah Code Ann. § 13-55-103(3)(f)(ii) (West, Westlaw current through 2020 5th Spec. Sess.).

  40. . Id.

  41. . See id.

  42. . See Zetzsche et al., supra note 17, at 102.

  43. . Id. at 78; see UNSGSA, supra note 2, at 30; Allen, supra note 13, at 580, 614–16.

  44. . See Fin. Conduct Auth., Regulatory Sandbox, supra note 1.

  45. . See supra Section II.B.1.b.

  46. . See ASIC, Info 248, supra note 19.

  47. . See id.

  48. . See UNSGSA, supra note 2, at 10, 30.

  49. . See id. at 7.

  50. . See id. at 32.

  51. . See Fin. Conduct Auth., Regulatory Sandbox, supra note 1.

  52. . See Fin. Conduct Auth., Regulatory Sandbox Lessons Learned Report 3, 16 (2017) [hereinafter Fin. Conduct Auth., Lessons Learned].

  53. . See id. at 16.

  54. . See ASIC, Regulatory Guide, supra note 36.

  55. . See id.

  56. . Allen, supra note 13, at 611.

  57. . Fin. Conduct Auth., Regulatory Sandbox, supra note 35, at 5.

  58. . Ariz. Att’y Gen., FAQs, supra note 31.

  59. . See State of Utah Dep’t of Com., FAQs, supra note 32.

  60. . See generally Fin. Conduct Auth., Lessons Learned, supra note 51, at 5–7 (noting indicators of success).

  61. . Id. at 6.

  62. . Deloitte, supra note 11, at 7.

  63. . See Buckley et al., supra note 1, at 57.

  64. . See id. at 59.

  65. . See id. at 58.

  66. . See id. at 59.

  67. . See id. at 61, 63–64.

  68. . Applying to the Regulatory Sandbox, Fin. Conduct Auth. (June 16, 2017), [] [hereinafter Fin. Conduct Auth., Applying to the Regulatory Sandbox].

  69. . Comparison of Key Features of the ASIC Sandbox and the Australian Government’s Enhanced Regulatory Sandbox, Austl. Sec. & Invs. Comm’n 1, [] [hereinafter ASIC, Comparison of Key Features].

  70. . Ariz. Rev. Stat. Ann. § 41-5603(C)(2) (Westlaw through 2020 2d Reg. Sess. of 54th Leg.).

  71. . Utah Code Ann. § 13-55-103(3)(a)–(b) (West, Westlaw through 2020 5th Spec. Sess.).

  72. . See Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. 48,246, 48,247, 48,251–52 (Sept. 13, 2019) (to be codified at 12 C.F.R.).

  73. . See Buckley et al., supra note 1, at 61–62; UNSGSA, supra note 2, at 21.

  74. . Buckley et al., supra note 1, at 63.

  75. . See Fin. Conduct Auth., Applying to the Regulatory Sandbox, supra note 67.

  76. . Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. at 48,252.

  77. . Buckley et al., supra note 1, at 64.

  78. . See Deloitte, supra note 11, at 3.

  79. . See id.; Ariz. Rev. Stat. Ann. § 41-5603(A) (Westlaw through 2020 2d Reg. Sess. of 54th Leg.); Utah Code Ann. § 13-55-104(1) (West, Westlaw through 2020 6th Spec. Sess.); Fin. Conduct Auth., Regulatory Sandbox, supra note 1; ASIC, Info 248, supra note 19.

  80. . See, e.g., § 41-5601(4) (Westlaw through 2020 2d Reg. Sess. of 54th Leg.); Utah Code Ann. § 13-55-102(7) (West, Westlaw through 2020 5th Spec. Sess.).

  81. . See Fin. Conduct Auth., Applying to the Regulatory Sandbox, supra note 67.

  82. . § 41-5601(4); § 13-55-102(7).

  83. . § 41-5601(4); § 13-55-102(7).

  84. . See ASIC, Info 248, supra note 19.

  85. . Id.

  86. . See Buckley et al., supra note 1, at 61–63.

  87. . Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. 48,246, 48,251–52, 48,259 (Sept. 13, 2019) (to be codified at 12 C.F.R.).

  88. . See id. at 48,251–52 (listing the evaluation criteria for application, which do not include a uniqueness component).

  89. . Id. at 48,259.

  90. . Utah Code Ann. § 13-55-103(10) (West, Westlaw through 2020 5th Spec. Sess.).

  91. . See Deloitte, supra note 11, at 4; Fin. Conduct Auth., Regulatory Sandbox, supra note 1; see, e.g., Utah Code Ann. § 13-55-104(2)(b) (West, Westlaw through 2020 5th Spec. Sess.).

  92. . See Fin. Conduct Auth., Regulatory Sandbox, supra note 1.

  93. . Ariz. Rev. Stat. Ann. §§ 41-5605(B)(3), (B)(4), (C)(2) (Westlaw through 2020 2d Reg. Sess. of 54th Leg.).

  94. . § 13-55-104(2)(b)–(d).

  95. . See Deloitte, supra note 11, at 3; Ariz. Rev. Stat. Ann. § 41-5601(7); § 13-55-103(3); Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. 48,246, 48,247 (Sept. 13, 2019) (to be codified at 12 C.F.R.).

  96. . See Deloitte, supra note 11, at 3; Ariz. Rev. Stat. Ann. § 41-5603(F)(1)–(3) (Westlaw through 2020 2d Reg. Sess. of 54th Leg.); § 13-55-103(3)(f)(i)–(viii); Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. at 48,256.

  97. . See Deloitte, supra note 11, at 3; § 41-5603(B); § 13-55-103(9)(a); Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. at 48,247.

  98. . § 41-5603(I); § 13-55-103(7)–(8).

  99. . See Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. at 48,247.

  100. . Id.; § 41-5603(J); § 13-55-103(12)(a).

  101. . § 13-55-103(12)(b).

  102. . See ASIC Releases World-First Licensing Exemption for Fintech Businesses, Austl. Sec & Invs. Comm’n (2016), [] [hereinafter ASIC, World-First Licensing Exemption]; cf. Deloitte, supra note 61, at 2–3; § 41-5603(I); § 13-55-103(9)(a); Policy on the Compliance Assistance Sandbox 84 Fed. Reg. at 48,247.

  103. . Zetzsche, supra note 18, at 82–83

  104. . ASIC Issues Guidance for Government’s Enhanced Regulatory Sandbox, Austl. Sec & Invs. Comm’n, [].

  105. . ASIC, Comparison of Key Features, supra note 68.

  106. . See id.

  107. . ASIC, Regulatory Guide, supra note 36, at 257.113–14.

  108. . ASIC, Comparison of Key Features, supra note 68.

  109. . ASIC, Info 248, supra note 19.

  110. . Id.

  111. . Id.

  112. . Id.

  113. . Id.

  114. . Id.

  115. . See, e.g., State of Utah Dep’t of Com., FAQs, supra note 32. Utah Code Ann. § 13-55-103(2)(b) (West, Westlaw through 2020 5th Spec. Sess.); About Us, State of Utah Dep’t of Com., [] [hereinafter State of Utah Dep’t Com., About Us].

  116. . How We Authorise, Fin. Conduct Auth. (Apr. 5, 2016) [] [hereinafter Fin. Conduct Auth., How We Authorise]; Enforcement, Fin. Conduct Auth. (Apr. 22, 2016), [] [hereinafter Fin. Conduct Auth., Enforcement].

  117. . Sandbox Tools, Fin. Conduct Auth. (Dec. 15, 2017), [] [hereinafter Fin. Conduct Auth., Sandbox Tools].

  118. . ASIC, Comparison of Key Features, supra note 68.

  119. . Austl. Sec. & Invs. Comm’n, Retaining ASIC’s Fintech Licensing Exemption 7 (Austl. Sec. & Invs. Comm’n, Consultation Paper No. 297, 2017), [].

  120. . ASIC, Info 248, supra note 19.

  121. . See Utah Dep’t of Com., FAQs, supra note 32; Ariz. Att’y, Gen., FAQs, supra note 31.

  122. . § 13-55-103(2)(b); Ariz. Rev. Stat. Ann. § 41-5602 (Westlaw through 2020 2d Reg. Sess. of 54th Leg.).

  123. . See The Bureau, Consumer Fin. Prot. Bureau, []; Fin. Conduct Auth., How We Authorise, supra note 115; Powers, Austl. Sec. & Invs. Comm’n, []; State of Utah Dep’t Com., About Us, supra note 114; Business Licensing, Ariz. Com. Auth., [].

  124. . See Consumer Fin. Prot. Bureau, supra note 122.

  125. . See Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. 48,246, 48,257 (Sept. 13, 2019) (to be codified at 12 C.F.R.).

  126. . Id. at 48,256.

  127. . See Ariz. Rev. Stat. Ann. § 41-5603(F) (Westlaw through 2020 2d Reg. Sess. of 54th Leg.); Utah Code Ann. § 13-55-104(5) (West, Westlaw through 2020 5th Spec. Sess.); Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. at 48,249.

  128. . See § 41-5603(F); § 13-55-104(5); Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. at 48,249.

  129. . Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. at 48,259–60.

  130. . Id.

  131. . See infra Section II.C.

  132. . See ASIC, Info 248, supra note 45.

  133. . UNSGSA, supra note 20, at 31.

  134. . Id.

  135. . Id. at 31–32.

  136. . See Lauren Saunders, Are Fintech Sandboxes a Consumer Protection Desert?, The Hill (Nov. 29, 2018), [].

  137. . See Jun et al., supra note 12, at 2; see also State of N.Y. Off. of the Att’y Gen., Comment Letter on Policy on No-Action Letters and the BCFP Product Sandbox 2 (Feb. 11, 2019), [] (“The Proposed Policies do not reflect [a cautious and deliberative regulatory] approach. Instead, they would permit the CFPB to exempt—in some cases indefinitely—companies and even entire industries from certain consumer protection laws and regulations through a process designed to value speed over careful decision-making.”).

  138. . See Jun, supra note 12, at 3.

  139. . Jemima Kelly, A “Fintech Sandbox” Might Sound Like a Harmless Idea. It’s Not, ALPHAVILLE (Dec. 5, 2018),–fintech-sandbox–might-sound-like-a-harmless-idea–It-s-not/ [] (“Worryingly, there now appears to be a kind of race to the bottom among global regulators to set up the most ‘light-touch’ possible regimes so as to attract start-ups to their jurisdictions—whether they are offering consumers and investors anything useful. Sandboxes are a part of that.”).

  140. . See ASIC, Info 248, supra note 19; Ariz. Rev. Stat. Ann. § 41-5603(F)(3), (F)(3)(g) (Westlaw through 2020 2d Reg. Sess. of 54th Leg.); Utah Code Ann. § 13-55-103(3)(f), (3)(f)(viii) (West, Westlaw through 2020 5th Spec. Sess.).

  141. . ASIC, Info 248, supra note 19.

  142. . § 41-5603(F)(3), (F)(3)(g); § 13-55-103(3)(f), (3)(f)(viii).

  143. . See supra Section II.B.1.

  144. . See supra Sections II.A.–II.B.1.d.

  145. . As Christopher Coyne and Lotta Moberg have articulated in the context of state-provided targeted economic benefits generally, “Targeted benefits are valuable to firms because of their discriminatory nature[:] they give the recipient favorable advantages over competitors that do not receive the same benefits.” Christopher J. Coyne & Lotta Moberg, The Political Economy of StateProvided Targeted Benefits, 28 Rev. Austrian Econ. 337, 348 (2015).

  146. . Matthew D. Mitchell, The Pathology of Privilege: The Economic Consequences of Government Favoritism 18 (2012) (“When a government grants one firm a monopoly, however, there is no discipline. The firm will possess pricing power that a competitive firm lacks. It need not accept the price that would emerge in a competitive market and is instead said to be a ‘price maker.’ If the firm is interested in maximizing its profit, it will set a higher price than that which would prevail in a competitive industry.”).

  147. . See generally Roger A. Kerin et al., First-Mover Advantage: A Synthesis, Conceptual Framework, and Research Propositions, 56 J. Mktg. 33, 33 (1992) (providing insight as to the types of advantages that accrue from entering the market first).

  148. . See Kelly, supra note 138.

  149. . Allen, supra note 13, at 625.

  150. . See Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. 48,246, 48,249 (Sept. 13, 2019) (to be codified at 12 C.F.R.).

  151. . See supra Section III.

  152. . See Overview – Rule of Law, U.S. Cts., []; Jarret B. Wollstein, The Idea of Equality, Found. for Econ. Educ. (Apr. 1, 1980), []; What is Generality Principle in Political Science?, The Hindu (Sept. 27, 2018, 23:58), [].

  153. . P.J. O’Rourke, Parliament of Whores 210 (1992).

  154. . See generally Michelle Maise, Principles of Justice and Fairness, Beyond Intractability, [] (discussing generally the notions of justice and “fair play”).

  155. . The generality principle was best articulated by the economist James M. Buchanan:

    [The generality principle is] that which modern politics is not. What we observe is “politics by interest,” whether in the form of explicitly discriminatory treatment (rewarding or punishing) of particular groupings of citizens or of some elitist-dirigiste classification of citizens into the deserving and non-deserving on the basis of a presumed superior wisdom about what is really “good” for us all. The proper principle for politics is that of generalization or generality.

    James M. Buchanan & Roger D. Congleton, Politics by Principle, Not Interest: Toward Nondiscriminatory Democracy, at xix (11th ed. 2003).

  156. . See Bailed Out Banks, Cnn Money,
    []; Miranda Marquit, Too Big to Fail Banks: Where Are They Now?, Investopedia, [].

  157. . See Kimberly Amadeo, What Was the Bank Bailout Bill? Cost, Impact, How it Passed, The Balance (Apr. 19, 2020), [].

  158. . Press Release, Tim Geithner, Sec’y of Treasury, Remarks at Office of Financial Stability Town Hall (Sept. 22, 2020), [].

  159. . See Friedrich A. Hayek, The Use of Knowledge in Society, 35 Am. Econ. Rev. 519 (1945).

  160. . See Jim Chappelow, Demand, Investopedia (Sept. 22, 2020), [].

  161. . See Hayek, supra note 158; Chappelow, supra note 159.

  162. . See Chappelow, supra note 159; Alicia Tuovila, Economic Profit (or Loss), Investopedia (June 27, 2020), [].

  163. . Rent-extraction can occur when policy makers, realizing they have the ability to offer something of value or to impose a cost on market participants, demand rents from those participants to either provide some form of gain or avoid any potential for harm. See generally Fred S. McChesney, Rent Extraction and Rent Creation in the Economic Theory of Regulation, 16 J. Legal Stud. 101, 102–03 (1987) (broadly explaining how and why rent-extraction comes to fruition).

  164. . See id.

  165. . Press Release, The Nobel Prize, The Sveriges Riksbank Prize in Economic Sciences in Memory of Alfred Nobel 1982 (Oct. 20, 1982), [].

  166. . See George Stigler, The Theory of Economic Regulation, 2 Bell J. Econ. & Mgmt. Sci. 3, 4 (1971).

  167. . Id. at 3.

  168. . Id. at 5.

  169. . Id.

  170. . See id. at 7.

  171. . William A. Jordan, Producer Protection, Prior Market Structure and the Effects of Government Regulation, 15 J.L. & Econ. 151, 152 (1972).

  172. . Id. at 153.

  173. . See id. at 152–53.

  174. . Id. at 153 (footnote omitted).

  175. . See Richard A. Posner, Taxation by Regulation, 2 Bell J. Econ. & Mgmt. Sci. 22, 22 n.3 (1971) (“The ‘capture’ of regulation by the regulatees is, of course, an old theme in the literature of regulation. Professor Stigler’s theory allows for capture by effective political groups other than the regulated firms themselves, and there is accordingly no necessary inconsistency between it and the analysis in this paper.”). See generally Gary S. Becker, A Theory of Competition Among Pressure Groups for Political Influence, 98 Q.J. Econ. 371, 372, 396 (1983) (explaining that Stigler was an influence and providing a model that expands on his theory); Sam Peltzman, Toward a More General Theory of Regulation, 19 J.L. & Econ. 211, 211–212, 240 (1976) (explaining that Stigler and Jordan were influences and expanding on their work).

  176. . See supra Section IV.

  177. . See ASIC, World-First Licensing Exemption, supra note 101; Ariz. Rev. Stat. Ann. § 41-5601(4) (Westlaw through the 2d Reg. Sess. of the 2020 54th Leg.); Utah Code Ann. § 13-55-103(12)(b) (West, Westlaw through 2020 5th Spec. Sess.).

  178. . See UNSGSA, supra note 2, at 31.

  179. . § 41-5601(4).

  180. . Brian Knight, Comment Regarding the Consumer Financial Protection Bureau’s Proposed No-Action Letter and Product Sandbox Policies, 6 (Jan. 28, 2019),

  181. . See ASIC, World-First Licensing Exemption, supra note 101.

  182. . § 13-55-103(12)(b).

  183. . See Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. 48,246, 48,254 (Sept. 13, 2019) (to be codified at 12 C.F.R.).

  184. . See The Global Industry Classification Standard, MCSI, [].

  185. . See Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. at 48,251.

  186. . See supra Section II.B.2.b.

  187. . See Fin. Conduct Auth., Lessons Learned, supra note 60, at 1, 3.

  188. . See id. at 2.

  189. . No Action Letters, U.S. Sec. & Exch. Comm’n (Mar. 23, 2017), [].

  190. . Id.

  191. . See Fin. Conduct Auth., Sandbox Tools, supra note 116.

  192. . See Fin. Conduct Auth., How We Authorise, supra note 115; Fin. Conduct Auth., Enforcement, supra note 115.

  193. . See Fin. Conduct Auth., Regulatory Sandbox, supra note 35, at 7.

  194. . See generally Richard S. Frase, Punishment Justification and Goals, Oxford Bibliographies (Mar. 2, 2011), [] (explaining the justifications for punishment).

  195. . See Ariz. Rev. Stat. Ann. § 41-5606(A)(3) (Westlaw through 2020 2d Reg. Sess. of 54th Leg.); Utah Code Ann. § 13-55-105(1)(e) (West, Westlaw through 2020 5th Spec. Sess.); Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. 48,246, 48,257 (Sept. 13, 2019) (to be codified at 12 C.F.R.).

  196. . See Jayoung James Goo & Joo-Yeun Heo, The Impact of the Regulatory Sandbox on the Fintech Industry, with a Discussion on the Relation Between Regulatory Sandboxes and Open Innovation, J. Open Innovation: Tech., Mkt., & Complexity 1, 4 tbl.1 (2020).