Fintech Regulatory Sandbox Framework

Bank Negara, Malaysia’s central bank and banking/insurance regulator issued the finalized FinTech Regulatory Sandbox Framework [FRSF] following its earlier Discussion Paper. 

It comes into effect on 18th October 2016 as announced by BNM Governor Datuk Muhammad Ibrahim in his keynote address at the Sixth Malaysian Insurance Summit.

To recap, the FRSF is meant for BNM to adapt regulatory requirements that inhibit innovation for FinTech companies (whether working with financial institutions or on their own).

The FRSF is meant to enable innovation of FinTech to be deployed and tested in a live environment, within specified parameters and timeframes.


The FRSF is applicable for:

  1. Financial institutions authorised or registered under the Financial Services Act 2013 (FSA);
  2. Authorised business under the Islamic Financial Services Act 2013 (IFSA);
  3. Companies licensed under the Money Services Business Act 2011 (MSBA); and
  4. Prescribed institution under the Development Financial Institutions Act 2002 (DFIA).

For stand-alone FinTech entities, its proposed solution must be:

  1. As an authorised or registered business as defined by the FSA;
  2. As an authorised business under the IFSA; and
  3. As a money services business under the MSBA


BNM will accord preference for the following:

  1. Collaboration between FIs and FinTech companies; and
  2. Standalone FinTech companies promoting innovation that could create high value-add jobs to Malaysia.


The eligibility criteria has been refined, after taking into account feedback:

(a) the solution is genuinely innovative with potential to –

  1. improve accessibility, efficiency, security and quality in financial services;
  2. enhance efficiency and effectiveness of risk management in Malaysian financial institutions; or
  3. address gaps in or open up new opportunities for financing or investments in Malaysian economy;

(b) Applicant conducted an assessment to demonstrate usefulness and functionality of solution and identified associated risks;

(c) Resources to support testing in the sandbox, including risk management expertise;

(d) Realistic business plan to commercialise the solution after exit;

(e) Solution is wholly or partly incompatible with BNM regulations. BNM may grant regulatory flexibilities for a solution that possesses strong value propositions; and

(f) Led and managed by persons with credibility and integrity.

Feedback from Compliance Roundtable Accepted

We were pleased that our earlier suggestion, based on a Compliance Roundtable we conducted in Kuala Lumpur, had been accepted by BNM:

  • That the sandbox should not just be limited to FinTech companies working with financial institutions. BNM took a more nuanced approach by stating that FinTech companies that collaborate with financial institutions could gain “advantages from guidance and support provided by financial institutions” with respect to regulatory requirements and risk mitigation.
  • Fintech companies with potential to contribute meaningfully to the creation of high value-added jobs in Malaysia will be assessed more favourably.
  • BNM will inform applicants of its eligibility to participate in sandbox within 15 working days of receiving a complete application.
  • Upon expiry of sandbox, regulatory exemption would also expire but extension could be given if prior application has been made and approval was given.
  • An extension of the sandbox period can be given beyond 12 months, with proper justification be submitted in writing.

Do note that the Sandbox regime in Malaysia only applies to activities regulated by BNM, and not by the Malaysian Securities Commission.

Do contact us if you have any questions on the Sandbox regime!

Leave a Comment

Your email address will not be published. Required fields are marked *