Central Bank of Bahrain Regulatory Sandbox Framework

4

The CBB shall include a list of authorised Regulatory Sandbox Participants (hereinafter referred to individually as “Participant” and collectively as “Participants”) on its website.

5

All forms relating to the Sandbox can be found on the CBB’s website.

This section sets out the main eligibility criteria for participation in the Sandbox, which include the following:

(1) Innovation: The service must be truly innovative, addresses a market gap or is sufficiently different from existing offerings, or offers a new use for existing technologies within financial services (as evidenced by market research and a comparison of the key features of the Applicant’s technology or operating methodology against competitors).

(2) Customer benefit: The service must offer identifiable direct or indirect benefits to customers (for e.g. based on customer research showing improved security, customer experience, efficiency, quality of product, lower prices or a combination of any of the above). These must be supported by quantifiable estimations or demonstrations, where possible.

(3) Identification of Major Risks: The Applicant must identify the major risks associated with the solution or service, as well as the measures to mitigate these, including business continuity and disaster recovery.

(4) Compliance with CDD and AML/CFT Requirements: The Applicant must be able to comply with the Customer Due Diligence (CDD) and Anti-money Laundering/Combating the Financing of Terrorism (AML/CFT) Requirements set out in the CBB Rulebook.

(5) Confidentiality Requirements: The Applicant must be able to maintain the confidentiality of customer information in accordance with the Central Bank of Bahrain and Financial Institutions Law No.64 of 2006, as amended (“CBB Law”) and other applicable laws.

A

Application Process

1. Prior to applying to enter the Sandbox, prospective applicants:

(a) are encouraged to approach the CBB to discuss their application at an early stage, so that any specific questions may be dealt with prior to submitting the application to the CBB. Such enquiries may be sent to sandbox@cbb.gov.bh.

(b) must ensure that they have met, and are able to continue to meet, the eligibility criteria set out in Section 3 above.

2. Applicants wishing to enter into the Sandbox must apply to the CBB through the Regulatory Sandbox online application platform in the CBB’s official website.

3. The declaration page of the application form must be signed and submitted to the CBB along with the application.

4. In cases where more than one FinTech firm are jointly involved in an innovative project or where a CBB licensed financial institution wishes to work with a particular FinTech Firm, a joint application may be made.

5. The Sandbox application form requires the provision of, among other details, the following information along with supporting documents (where applicable):

(a) A brief description of the Applicant company, including its financial standing, technical and business domain expertise and its founders and management (along with their CVs).

(b) A brief description of the service and solution to be tested in the Sandbox and the manner in which it addresses particular gaps or benefits customers.

(c) A description of how the Applicant has met the Eligibility Criteria described in Section 3 above (along with supporting evidence).

(d) A description of the plan with regards to communication with volunteer customers, which must include adequate risk disclosures and material information about the Participant, the service and the testing being conducted in the Sandbox.

(e) The testing plan and a description of the testing target and predicted outcomes and Key Performance Indicators (KPIs) which will be used to determine the success of the testing.

(f) A description of any third-party outsourcing arrangement, including the due diligence conducted by the Applicant on such third party.

(g) Any other information which the CBB ought to be informed about.

6. All documentation provided to the CBB as part of the application must be in either Arabic or English language.

B

Application Fee

1.The Application fee for the Sandbox is BD 100 (non-refundable) to be paid at the time of submitting the application.

2. Applicants may pay the required application fee through the CBB’s Website.

1.The duration of the Sandbox is up to a period of 12 months from the date of the CBB’s authorisation to participate in the Sandbox.

2.The testing period may be extended subject to the following:

(a)The Participant must notify the CBB at least 30 days prior to the expiry of the 12-month testing period.

(b)The authorised Regulatory Sandbox Participant must provide the CBB with a detailed account of the reasons for the request for extension.

3.The CBB may, approve or reject, a request for extension in its discretion.

4.Where the CBB approves the request for extension, it may stipulate the appropriate time period for extension which may differ from the requested period.

Below is a flowchart in relation to the Sandbox process and timeline:

A

General Obligations

1. The Participant must assign a contact person to communicate with the CBB.
2. In conducting the testing, the Participant must not infringe upon any Intellectual Property rights of third parties.
3. The Participant must comply with all applicable laws in Bahrain.

B

Specific Obligations

1. CDD and AML/CFT Requirements and Financial Crime

a) Participants must comply, at all times, with legal and regulatory requirements relating to CDD and AML/CFT, including those set out in the CBB Rulebook.

b) Participants must maintain adequate systems and controls to address the risks of financial crime occurring during the course of Sandbox testing.

2. Confidentiality of Customer Information

a) Participants must comply with all legal and regulatory requirements relating to maintaining confidentiality of customer information.

b) Volunteer customer information must be kept confidential (both during and after the Sandbox period) and must not be used for any purpose other than for their Sandbox testing purposes in Bahrain.

3. Client Money Account Requirements

a) Participants must open an account with a retail bank licensed by the CBB to be used solely for the purpose of handling the funds of volunteer customers. A confirmation document from the bank should be provided to the CBB. For the avoidance of doubt, the client money account may not be used for any purpose other than for holding the funds of volunteer customers.

b) The Participant must ensure that it keeps adequate records of the funds belonging to each volunteer customer including records showing that the money was deposited into the client money account.

c) A separate corporate account may be opened by the Participant for Sandbox testing purposes to be used solely for testing purposes and such account must not be used for any other purpose.

d) Participants must maintain sufficient systems and procedures in respect of the handling of the money of volunteer customers as well as sufficient internal controls to monitor this requirement.

4. Management

The management of the Participant must conduct themselves with honesty and integrity at all times.

5. Risk Mitigation

Participants must conduct periodic reviews to identify risks associated with the service and solution and put in place measures to mitigate them.

C

Reporting Requirements

1. Participants must fill out the CBB’s standard form on quarterly progress reporting and submit it to the CBB on the last day of every calendar month. The form must be signed by a member of senior management who is an authorised signatory of the Participant and emailed to sandbox@cbb.gov.bh.
2. The CBB may request the Participant to provide further information as and when required.

D

Notification Requirements

The Participant must immediately notify the CBB in the event of the occurrence of any of the following:

a) Any changes to the information provided to the CBB in support of the Sandbox application whether such change occurs prior to, or after, entering into the Sandbox.

b) Any changes to the testing plan.

c) Any adverse events relating to the testing, including but not limited to, cyber security incidents, major operational issues, obstacles that have a major impact on the testing, any failure to comply with applicable laws or this framework etc.

1. The permissible number of volunteer customers for testing is up to 100 customers. However, the CBB may permit testing with more customers where the nature of testing requires so. In such cases, the CBB will decide and inform the Participant of the number of permissible volunteer customers for testing.
2. The total transaction limit for the testing or the transaction limit per customer shall be approved or decided by the CBB on a case-by-case basis.
3. Participants must ensure that they provide appropriate levels of written disclosure to volunteer customers on the nature of the service, any fees or charges and any risks associated with the testing/service. Such disclosure should be transparent and complete. Participants must also ensure that volunteer customers have read, fully understand and accept such risks prior to commencing testing with them.
4. Participants must have clear and sufficient onboarding procedures for volunteer customers which meet the requirements set out in the CBB Rulebook.
5. Participants must have in place appropriate procedures and channels to deal with customer enquiries, complaints and feedback.

1. Participants should not use the term ‘licensed’ during the course of their testing, or otherwise hold themselves out to be a licensee of the CBB or as being regulated by the CBB, unless they are already a CBB licensee.
2. The term to be used by Participants is “Authorised Regulatory Sandbox Participant”.