Central Bank of Bahrain Regulatory Sandbox Framework

Central Bank of Bahrain (CBB) Regulatory Sandbox Framework

1 Introduction And Purpose


The Regulatory Sandbox Framework sets out the Central Bank of Bahrain’s (CBB) approach to participation in the FinTech Regulatory Sandbox (the “Sandbox”) of the Kingdom of Bahrain (“Bahrain”).


The Sandbox is a virtual space for both CBB-licensed financial institutions and other start-ups and FinTech firms to test their technology-based innovative solutions/services relevant to FinTech before scaling up their operations in Bahrain and across the region.


The CBB aims to transform and develop the financial services sector in Bahrain through FinTech and digital financial services which is to be achieved through ongoing initiatives introduced by the CBB, including innovation-friendly regulations and knowledge sharing via cross collaborations with regional and international regulators.


The CBB shall include a list of authorised Regulatory Sandbox Participants (hereinafter referred to individually as “Participant” and collectively as “Participants”) on its website.


All forms relating to the Sandbox can be found on the CBB’s website.

2 Scope Of Application


The Sandbox is open to both existing CBB licensees (financial institutions with FinTech initiatives) and other companies (both local and foreign) intending to test innovative financial services (hereinafter referred to individually as “Applicant” and collectively as “Applicants”).


The Sandbox is not suitable where the Applicant is unable to comply with the requirements of this framework, and in particular, the core requirements such as those relating to Anti Money Laundering and Combating the Financing of Terrorism (AML/CFT), handling of Volunteer Customer/Client Money and Assets and maintaining the confidentiality of customer information.

3 Eligibility Criteria

This section sets out the main eligibility criteria for participation in the Sandbox, which include the following:

(1) Innovation: The service must be truly innovative, addresses a market gap or is sufficiently different from existing offerings, or offers a new use for existing technologies within financial services (as evidenced by market research and a comparison of the key features of the Applicant’s technology or operating methodology against competitors).

(2) Customer benefit: The service must offer identifiable direct or indirect benefits to customers (for e.g. based on customer research showing improved security, customer experience, efficiency, quality of product, lower prices or a combination of any of the above). These must be supported by quantifiable estimations or demonstrations, where possible.

(3) Identification of Major Risks: The Applicant must identify the major risks associated with the solution or service, as well as the measures to mitigate these, including business continuity and disaster recovery.

(4) Compliance with CDD and AML/CFT Requirements: The Applicant must be able to comply with the Customer Due Diligence (CDD) and Anti-money Laundering/Combating the Financing of Terrorism (AML/CFT) Requirements set out in the CBB Rulebook.

(5) Confidentiality Requirements: The Applicant must be able to maintain the confidentiality of customer information in accordance with the Central Bank of Bahrain and Financial Institutions Law No.64 of 2006, as amended (“CBB Law”) and other applicable laws.

4 Application And Approval Process


Application Process

1. Prior to applying to enter the Sandbox, prospective applicants:

(a) are encouraged to approach the CBB to discuss their application at an early stage, so that any specific questions may be dealt with prior to submitting the application to the CBB. Such enquiries may be sent to sandbox@cbb.gov.bh.

(b) must ensure that they have met, and are able to continue to meet, the eligibility criteria set out in Section 3 above.

2. Applicants wishing to enter into the Sandbox must apply to the CBB through the Regulatory Sandbox online application platform in the CBB’s official website.

3. The declaration page of the application form must be signed and submitted to the CBB along with the application.

4. In cases where more than one FinTech firm are jointly involved in an innovative project or where a CBB licensed financial institution wishes to work with a particular FinTech Firm, a joint application may be made.

5. The Sandbox application form requires the provision of, among other details, the following information along with supporting documents (where applicable):

(a) A brief description of the Applicant company, including its financial standing, technical and business domain expertise and its founders and management (along with their CVs).

(b) A brief description of the service and solution to be tested in the Sandbox and the manner in which it addresses particular gaps or benefits customers.

(c) A description of how the Applicant has met the Eligibility Criteria described in Section 3 above (along with supporting evidence).

(d) A description of the plan with regards to communication with volunteer customers, which must include adequate risk disclosures and material information about the Participant, the service and the testing being conducted in the Sandbox.

(e) The testing plan and a description of the testing target and predicted outcomes and Key Performance Indicators (KPIs) which will be used to determine the success of the testing.

(f) A description of any third-party outsourcing arrangement, including the due diligence conducted by the Applicant on such third party.

(g) Any other information which the CBB ought to be informed about.

6. All documentation provided to the CBB as part of the application must be in either Arabic or English language.


Application Fee

1.The Application fee for the Sandbox is BD 100 (non-refundable) to be paid at the time of submitting the application.

2. Applicants may pay the required application fee through the CBB’s Website.


CBB Approval Process

1.The CBB shall provide a formal decision on a submitted application within 15 calendar days after all required information and documentation have been submitted in a form acceptable to the CBB.

2.The CBB shall then inform the Applicant in writing that it has either:

(a) Granted the application without conditions;

(b) Granted the application subject to conditions specified by the CBB; or

(c) Rejected the application, stating the reasons for the rejection. Reasons for rejection may include inability to meet the eligibility criteria set in Section 3 above.

3.The CBB may consider relaxing certain regulatory requirements while maintaining others. This will be assessed on a case-by-case basis taking into account the particular circumstances of the Applicant. For the avoidance of doubt, certain core legal and regulatory requirements such as those relating to AML/CFT and confidentiality of customer information shall not be relaxed and must be maintained at all times.

4.Once the CBB approves the application, the Applicant must establish a company registered by the Ministry of Industry, Commerce and Tourism to be used solely for the purpose of the Sandbox and must provide the CBB with a copy of the company’s Commercial Registration certificate.

5.The Applicant must also open a bank account with a CBB licensed retail bank for the purposes of handling the funds of volunteer customers in accordance with Section 6(B)(3) below.

5 Sandbox Duration And Extension

1.The duration of the Sandbox is up to a period of 12 months from the date of the CBB’s authorisation to participate in the Sandbox.

2.The testing period may be extended subject to the following:

(a)The Participant must notify the CBB at least 30 days prior to the expiry of the 12-month testing period.

(b)The authorised Regulatory Sandbox Participant must provide the CBB with a detailed account of the reasons for the request for extension.

3.The CBB may, approve or reject, a request for extension in its discretion.

4.Where the CBB approves the request for extension, it may stipulate the appropriate time period for extension which may differ from the requested period.

Below is a flowchart in relation to the Sandbox process and timeline:

6 Standards And Obligations


General Obligations

  1. The Participant must assign a contact person to communicate with the CBB.
  2. In conducting the testing, the Participant must not infringe upon any Intellectual Property rights of third parties.
  3. The Participant must comply with all applicable laws in Bahrain.


Specific Obligations

1. CDD and AML/CFT Requirements and Financial Crime

a) Participants must comply, at all times, with legal and regulatory requirements relating to CDD and AML/CFT, including those set out in the CBB Rulebook.

b) Participants must maintain adequate systems and controls to address the risks of financial crime occurring during the course of Sandbox testing.

2. Confidentiality of Customer Information

a) Participants must comply with all legal and regulatory requirements relating to maintaining confidentiality of customer information.

b) Volunteer customer information must be kept confidential (both during and after the Sandbox period) and must not be used for any purpose other than for their Sandbox testing purposes in Bahrain.

3. Client Money Account Requirements

a) Participants must open an account with a retail bank licensed by the CBB to be used solely for the purpose of handling the funds of volunteer customers. A confirmation document from the bank should be provided to the CBB. For the avoidance of doubt, the client money account may not be used for any purpose other than for holding the funds of volunteer customers.

b) The Participant must ensure that it keeps adequate records of the funds belonging to each volunteer customer including records showing that the money was deposited into the client money account.

c) A separate corporate account may be opened by the Participant for Sandbox testing purposes to be used solely for testing purposes and such account must not be used for any other purpose.

d) Participants must maintain sufficient systems and procedures in respect of the handling of the money of volunteer customers as well as sufficient internal controls to monitor this requirement.

4. Management

The management of the Participant must conduct themselves with honesty and integrity at all times.

5. Risk Mitigation

Participants must conduct periodic reviews to identify risks associated with the service and solution and put in place measures to mitigate them.


Reporting Requirements

  1. Participants must fill out the CBB’s standard form on quarterly progress reporting and submit it to the CBB on the last day of every calendar month. The form must be signed by a member of senior management who is an authorised signatory of the Participant and emailed to sandbox@cbb.gov.bh.
  2. The CBB may request the Participant to provide further information as and when required.


Notification Requirements

The Participant must immediately notify the CBB in the event of the occurrence of any of the following:

a) Any changes to the information provided to the CBB in support of the Sandbox application whether such change occurs prior to, or after, entering into the Sandbox.

b) Any changes to the testing plan.

c) Any adverse events relating to the testing, including but not limited to, cyber security incidents, major operational issues, obstacles that have a major impact on the testing, any failure to comply with applicable laws or this framework etc.

7 Volunteer Customers
  1. The permissible number of volunteer customers for testing is up to 100 customers. However, the CBB may permit testing with more customers where the nature of testing requires so. In such cases, the CBB will decide and inform the Participant of the number of permissible volunteer customers for testing.
  2. The total transaction limit for the testing or the transaction limit per customer shall be approved or decided by the CBB on a case-by-case basis.
  3. Participants must ensure that they provide appropriate levels of written disclosure to volunteer customers on the nature of the service, any fees or charges and any risks associated with the testing/service. Such disclosure should be transparent and complete. Participants must also ensure that volunteer customers have read, fully understand and accept such risks prior to commencing testing with them.
  4. Participants must have clear and sufficient onboarding procedures for volunteer customers which meet the requirements set out in the CBB Rulebook.
  5. Participants must have in place appropriate procedures and channels to deal with customer enquiries, complaints and feedback.
8 Status Of Participant And Interaction With Media
  1. Participants should not use the term ‘licensed’ during the course of their testing, or otherwise hold themselves out to be a licensee of the CBB or as being regulated by the CBB, unless they are already a CBB licensee.
  2. The term to be used by Participants is “Authorised Regulatory Sandbox Participant”.
9 Termination Or Amendment Of The Sandbox Authorisation By The CBB


Where it determines that continued testing would cause harm or poses a threat to the customers or the financial sector.


Where the Participant fails to comply with the requirements of this framework, and especially the core requirements referred to in Section 6 (B) above.


Where the Participant is found to be in breach of any of the conditions imposed by the CBB during the authorisation stage or thereafter.


For any other reason at its discretion.


Where it is discovered that any of the information or documents provided along with the Participant’s application are inaccurate or false;

10 Exit From The Sandbox


Voluntary Exit from the Sandbox

The Participant may choose to discontinue the testing at any time, subject to providing the CBB with a one-month notice. The CBB may impose conditions in such cases. The Participant will not be permitted to exit until such conditions are met.


Completion of Testing and Exit

  1. Upon exiting the Sandbox, Participants must cease all activities carried out during the Sandbox period. Furthermore, the bank account(s) opened for the purpose of the Sandbox must be closed immediately after the Participant’s exit from the Sandbox.
  2. Within two months of completion of the Sandbox testing period, the Participant must fill out and submit to the CBB the form on final management report, prepared and signed by the management of the Participant, which must include the following information:

a) A description of the Participant’s business model, services, products (and their delivery channels) along with any transactional flowcharts.

b) A comprehensive evaluation of all aspects relating to the testing, including:

  • Number and type of volunteer customers that participated in the test (i.e. retail or corporate);
  • A general description of the demographics of the volunteer customers (nationality, age groups and country of residence of the volunteer customers);
  • Description of the CDD process that was used for onboarding volunteer customers;
  • Number and volume of the test transactions; and
  • Key findings and results of the test.

c) Key risks identified and steps taken to address and mitigate such risks.

d) Brief details about the technology architecture.

e) Detailed log of operational or technical incidents, if any, and steps taken to address them.

f) Feedback from volunteer customers, including complaints, if any.

g) Details on any audits conducted.

h) Findings and observations regarding the success of the test.


Regulatory Sandbox Register

The following list shows the current FinTech Regulatory Sandbox Approved Companies and the Authorization Date to join the sandbox. Please hover over the company to view more details.

image description

7 August 2022

Crypto Payment Service Provider

9800 Wilshire Blvd Ste 205 Beverly Hills, CA 90212 United States of America
image description

21 February 2022

Crowdfunding Platform Operator

4110 Al-Imam Muhammad Ibn Saud Rd – Khuzama District Unit No. 525 Riyadh 12572 - 8807 Kingdom Of Saudi Arabia
image description
Twazn Digital Investment

25 January 2022

Digital Financial Advice

image description
Drahim App Fintech LLC

16 January 2022

Open Banking Platform

3634 Anas Bin Malik Al Malqa Dist. Riyadh 13524-6441 Kingdom of Saudi Arabia
image description
Mawwelny Technologies Ltd

16 January 2022

Trading Finance

DD-15-134-007, Level 15, Wework Hub 71, Khatem Tower, ADGM Al Maryah Island, Abu Dhabi United Arab Emirates
image description

10 January 2022

Cross-Border Payment Service Provider

N/A - Not Incorporated
image description

21 December 2021

SME Financing Platform

House 1009, Road 1225 Block 312 Kingdom of Bahrain
image description

12 September 2021

Smart Interactive Receipts

Office 21, Ajeyaad Seef, Building 2304, Road 2830 Seef 428, Kingdom of Bahrain
image description

1 September 2021

Buy Now, Pay Later

Office no 302, Building 551, Road 4612, Block 346, Manama – Water Bay, Kingdom of Bahrain
image description
Fintech 1999 for Internet Solutions

26 July 2021

Aggregator of Financial Products Information

Office 11, Building 548, Road 4415, Block 244 Arad, Kingdom of Bahrain
image description
Ghazeer Information Tech. Company "Amyal Insurance"

8 July 2021

Auto Insurance Data Analytics Provider

8872 ,Emaar Square Jeddah Saudi Arabia
image description
Amal Invest

8 July 2021

Investment Portfolio Management

N/A - Not Incorporated
image description
Point Checkout

24 June 2021

Rewards and Payments

in5 Design - EO12 Dubai Design District, Dubai United Arab Emirates
image description

12 April 2021

Tokenization Services Company

INABLR MIDDLE EAST W.L.L. DSO - IFZA Dubai Silicon Oasis Dubai, UAE
image description
Finagility Ltd.

9 February 2021

Digital Contract Payment Network

496 Aureole Walk New Market, Suffolk England, United Kingdom
image description

31 January 2021

Loan Aggregator - AISP

P.O.Box 10667 Jeddah 21443 Saudi Arabia
image description
Raseed Invest Inc.

3 December 2020

Investment Platform

981 Mission Street #15 San Francisco, CA 94103 United States of America
image description
Xpence Ltd.

10 October 2019

Sandbox Ancillary Service Provider

Office 2046 RESCOWORK02 Al Sila Tower, Abu Dhabi Global Market Square Abu Dhabi United Arab Emirates
image description

23 July 2019

Sandbox Ancillary Service Provider - Micro-lending platform

Interactive Solutions for Financing LLC King Hussein Business Park Building 7, Ground Floor P.O. Box 851222 Amman 11185 Jordan
Posted by: Dr. Nabil Chaiban - November 22, 2022. This article has been viewed 234 times.
Online URL: https://kb.bankingwords.com/article.php?id=16

Powered by PHPKB (Knowledge Base Software)