1. Presentation of the projects
1.1 Who can participate in the sandbox?
The regulatory sandbox is a space for the creation of innovative technology for the banking, financial and insurance sector, for those who
- would like to test a particular activity that is subject to authorization or registration in a roll, register or list kept by the supervisory authorities or who
- would like to test an activity that is generally restricted, but which comes under one of the exclusions allowed by law. For example, lending activities that are not carried out vis-à-vis the public, i.e. not to professional categories
- they provide services or carry out activities with characteristics that suggest they should be regulated, in favour of an entity that is supervised or regulated by the Bank of Italy, Consob or IVASS. Think, for example, of a FinTech/InsurTech operator offering technological services to benefit a banking or financial intermediary or an insurance company for regulatory compliance activities. The activity therefore involves two categories of entities: a FinTech/InsurTech operator (applying to be admitted to the test) and a supervised or regulated operator
- they are already supervised or regulated by the Bank of Italy, Consob or IVASS and have their registered office or branch in Italy (e.g. a banking or financial intermediary, an issuer, etc.). If the person already authorized to carry out a given regulated activity requires additional authorization to carry out the test activity, they will have to obtain specific authorization, or request a change to or an extension of an existing authorization, as provided for in point (a).
1.2 Can foreign operators from another Member State of the European Union be admitted to the Italian sandbox?
Entities that are already supervised or regulated but are incorporated in another EU country and operating in Italy through a branch or under the freedom to provide services may submit an application for admission to the sandbox and may be the recipient of a product/service tested by a FinTech operator.
The application for admission to the test can also be submitted by non-supervised or regulated European operators in the FinTech sector for activities to be provided to a supervised or regulated entity having its registered office or branch in Italy or operating under the freedom to provide services (see Article 5(1)(c) of Ministerial Decree 100/2021).
If the activity is carried out by, or is for the benefit of, entities established in another EU country and operating in Italy under the freedom to provide services, the Bank of Italy, Consob and IVASS may not accept the request if they consider that they do not have sufficient supervisory powers to ensure the adequate protection of users working in the sandbox.
1.3 Can foreign operators that do not have their registered office in the European Union be admitted to the Italian sandbox
Entities that do not have their registered office in the European Union may apply for admission to the Italian sandbox if they already have a branch authorized to operate in Italy and are therefore subject to supervision or regulation by the Bank of Italy, Consob or IVASS (see Article 5(1)(d) of Ministerial Decree 100/2021).
The application for admission to the sandbox may also be submitted by FinTech operators who are not subject to supervision or regulation having their registered office in a non-European Union State for activities to be provided to a supervised or regulated entity that has its registered office or branch in Italy or operates with Italian customers under the freedom to provide services.
In the event that the application for entry into the sandbox is successful, the applicant must open a secondary or representative office in Italy, within 45 days of the decision of the competent authority to admit the applicant to the test (see Article 13(2) of Ministerial Decree 100/2021).
1.4 How can I find out if the sandbox is a suitable channel for my project?
For admission to the sandbox, the activity to be tested must be relevant to the role of the Bank of Italy (https://www.bancaditalia.it/compiti/vigilanza/intermediari/index.html?com.dotmarketing.htmlpage.language=1), of Consob (https://www.consob.it/web/area-pubblica/attivita) or of IVASS (https://www.ivass.it/chi-siamo/in-sintesi/compiti/index.html?com.dotmarketing.htmlpage.language=3) and it must respect the requirements under Article 6 of Ministerial Decree 100/2021.
Interested parties can use the dedicated communication and support channels that have been established at the abovementioned supervisory authorities to submit their own projects, request specific clarifications on the criteria and procedures for admission, and receive support to identify the relevant supervisor:
- for the Bank of Italy, contact firstname.lastname@example.org (https://www.bancaditalia.it/focus/sandbox/fasi-del-processo/index.html?com.dotmarketing.htmlpage.language=1). Through this informal dialogue, the operator can also receive support from the Bank of Italy in relation to the characteristics of a project proposed to the Bank's other innovation providers, i.e. Milano Hub and the FinTech Channel);
- for Consob, contact email@example.com (https://www.consob.it/web/area-pubblica/sandbox);
- for IVASS, contact firstname.lastname@example.org (https://www.ivass.it/operatori/sandbox/index.html)
1.5 When and where can an application for admission be submitted?
The request for admission can be made in specific submission windows. To find out when the next submission window opens, consult the sandbox website. The application for admission must be submitted digitally, filling in the form referred to in the subsection 'Admission requirements' in the section 'Admission to the test'.
1.6 Is it necessary to fill in all parts of the application form?
Yes, all the information requested on the application form must be filled in. If the application is incomplete, if it lacks the required digital signature, or if a mandatory attachment is missing, the administrative procedure cannot be initiated. In this instance and/or if the application is incomplete, the Authority notifies the applicant of the failure to launch the procedure, indicating what documentation is missing. The new application, with all supporting documentation, must be submitted before the closure date of the submission window set by the Authority.
1.7 If my activity/service will be provided to supervised or regulated entities, is it necessary to identify them before submitting the application?
Yes. If the activity is covered by the provisions of Article 5(1)(c) - a service or activity impacting on areas subject to regulation in the banking, financial, or insurance sectors, provided in favour of a supervised entity or entity regulated by at least one supervisory authority - and if the experimentation necessitates the collaboration of one or more parties to whom it is provided or on whose behalf the activity in question is conducted, the applicant must certify that the supervised entity/entities agree to be the beneficiary of the activity or part of the activity being experimented and to any regulatory derogations eventually requested for carrying out the experimentation.
1.8 Are there any fees to pay for admission to the sandbox?
No, admission to the sandbox does not involve the payment of any kind of fees, without prejudice to the application of supervisory fees, where relevant to the type of activity being carried out.
2. Admission to the sandbox
2.1 When is an activity sufficiently innovative?
The activity to be tested must leverage innovative technologies and be geared towards providing services, products or processes for the banking, financial and insurance sectors that are genuinely new and different from what is already present on the national market. The degree of innovation will be assessed not only by reference to the technologies used, but also by considering their application to a product, process or business model that is relevant to the national banking, financial and insurance sector.
The novelty of the project must be demonstrated, including through internal analyses and/or market analyses, providing all the elements necessary to assess what makes this solution stand out in relation to that of competitors at national level.
For the technological aspects, please find below an illustrative and non-exhaustive list of technologies and solutions which, as things stand today, may be relevant for admission to the sandbox:
- Application Programming Interfaces (APIs)
- Artificial Intelligence (AI)
- Machine Learning (ML)
- Big Data/Data Analytics
- Digital ID and Authentication Systems
- Cloud Computing
- DLT/Block chains and Smart Contracts
- Cloud Computing
- The Internet of Things (IoT) and Wearable or Mobility-Support Devices
- Robotic Process Automation (RPA)
- Natural Language Processing (NLP)
- Advance Cryptography Mechanisms
2.2 What derogations can be granted in relation to the sandbox?
The Bank of Italy, Consob, and IVASS can derogate from supervisory guidance, regulations or other, more general, documents issued by them when exercising their functions.
These derogations cannot be granted for primary legislation and mandatory EU legislation. Admission to the sandbox may be extended to types of entities other than those envisaged under the Consolidated Law on Banking (TUB), Consolidated Law on Finance (TUF) and the Code of Private Insurance (CAP), for activities requiring authorization or enrolment in a list or register on the part of a supervisory authority or with less stringent professionalism requirements.
With regard to the above, the derogations can be made in the following areas, provided there is no conflict with mandatory EU legislation:
- capital requirements;
- simplified requirements that are proportionate to the activities to be carried out;
- operational parameters;
- disclosure obligations;
- timeline for the granting of authorizations;
- professionalism requirements of the corporate managers;
- corporate governance aspects and risk management;
- admissible corporate structures;
- possible financial guarantees.
2.3 When can an activity be deemed to add value?
The assessment of value added will be made holistically i.e. considering the activity in its totality. In particular, the proposed activity must add value in at least one of the following four areas identified by Article 6(1)(c) of Ministerial Decree 100/2021, without unduly compromising any of the others:
- deliver benefits for end users. For example, in terms of improving customer experience and transparency, strengthening security safeguards, lowering costs for final users, etc.,
- contribute to the efficiency of the banking, financial, insurance system and/or to that of the operators. For example, in terms of lowering costs, utilizing fewer resources, shortening execution times of operations and increasing usability of information, etc.
- make the application of banking, financial and insurance regulations less onerous or more effective. For example, in terms of streamlining the internal processes designed to meet the regulatory obligations, improving data management for compliance and reporting purposes, etc.,
- improve the systems/procedures/processes for intermediaries' risk management. For example, in terms of optimizing the costs or utilizing internal resources, increasing effectiveness in identifying and/or measuring/handling risks, etc.
2.4 What elements are considered when verifying if an activity is at a sufficiently advanced stage for the testing period?
The product/service must be ready to start the testing period immediately after receiving notice of admission to the sandbox. In particular, when assessing requests for admission, the following must be verified:
- availability of a complete feasibility study (exact description of the solution proposed with practical examples, precise definition of the technological, human and logistical resources required);
- availability or mobilization of the necessary resources;
- testing period plan (for example, through the use of a Gantt-Chart) defined in terms of objectives, specific targets, timelines and milestones;
- identification of the main risks (including ICT, cyber security and data protection risks) and of the specific safeguards/instruments to protect uses;
- proposals for metrics and analytical assessments to monitor the testing period.
2.5 What elements are considered when verifying the future economic and financial sustainability of the project and the adequacy of the financial coverage?
In assessing economic and financial sustainability, the following elements will be assessed:
- sufficiency of revenues to cover future running costs;
- availability of net cash flows consistent with investment plans and development prospects;
- adequacy of the business's capitalization in terms of indebtedness and future cash flows consistent with meeting the financial commitments made.
The assumptions underlying the future estimates must be solid and realistic.
The financial coverage, measured in relation to the duration of the testing period, must be consistent with the scope of the project and provided by entities that are financially capable of guaranteeing future liquidity needs.
2.6 How long will I have to wait before I know whether my application has been successful?
Admission to the testing period will be decided within 60 days of the closure of the submission window, provided there are no suspensions or other interruptions, and will be duly notified. When the application to the testing period is accompanied by a request for authorization to carry out a restricted activity (see Article 5(1)(a) of Ministerial Decree 100/2021), notification of admission will follow the length prescribed by the legislation applicable for authorization procedures.
3. Start of the testing period and monitoring
3.1 Will the names of the companies admitted to the sandbox be made public?
Yes. The website of the FinTech Committee established within the Ministry of Economy and Finance will host a register that lists entities admitted to the testing period. Moreover, Bank of Italy, IVASS and Consob will notify the public that they have admitted an entity to the testing period.
3.2 What kind of support is provided to the participants?
Through testing period in the sandbox, operators can test the innovative activities, in close collaboration with the supervisory authorities and in a controlled environment, before being launched on the market, and eventually benefiting from a simplified regime for a transitional period.
3.3 For how long can I test my proposed solution?
The duration of the testing period will be indicated in the notification of admission. This cannot exceed a period of 18 months, except when extended as envisaged under Article 17 of Ministerial Decree 100/2021.
4. End of the testing period
4.1 What happens at the end of the testing period?
At the end of the sandbox testing period, the participants will submit an economic and operational report on the tests to the competent supervisory authority and give timely information to the public about its conclusion. The end of the testing period phase entails the end of the sandbox regime and the cessation of any derogations conceded, except in the following cases:
- the entities admitted to the testing period which, before the end of same, obtain an extension from the competent authority, can continue up to the end of the extension granted (see Article 17(4) of the Ministerial Decree);
- the entities admitted to the testing period which, at the end of same, request authorization to carry out an activity or to be listed in a register, can continue up to the granting of the authorization or listing (see Article 17(7) of the Ministerial Decree).
In all other cases, the testing period cannot continue beyond the expiry date, except if the activity/product/process conforms to all the applicable provisions.