Technology risk
Navigating the AI landscape: opportunities and challenges for African SMEs
Click each term for related articles
Africa
Regulatory risk
Financial technology (Fintech) companies provide financial services through technology. Fintech companies have grown at an unprecedented rate throughout Africa, including in Tanzania during the past fifteen years.
In a steady move to set up a regulatory compliance landscape for Fintech, innovations and companies, the Government of Tanzania through the Minister of Finance has enacted the Fintech (Regulatory Sandbox) Regulations, Government Notice Number 540 of 2024 (the Fintech Regulations), under the Bank of Tanzania Act No. 4 of 2006 published on 5 July 2024.
In this month’s legal update, we provide an overview of the Fintech Regulations issued by the Bank of Tanzania (the BoT) which aim to create a conducive regulatory environment for Fintech technologies and innovations to be tested in the market alongside adequate measures that ensure protection of consumers.
The following key terms have been defined in the Fintech Regulations:
“Financial service provider” means an institution that owns a licence to conduct financial services, regulated and supervised by the BoT;
“Financial solution” means any product, service, delivery channel, technology or business model including digital payments; digital lending; money transfer and remittance services; digital know your customer; digital platform; digital identification services; cyber security services and products; sustainable financing; mobile technology applications; big data and data analytics; applications using distributed ledger technologies and artificial intelligence and machine learning applications and any other product, service, delivery channel, technology or business model as may be approved by the BoT;
“Fintech company” means an entity incorporated in Tanzania for the delivery of innovative financial solutions to the market;
“Financial technology (fintech)” means technological innovation to be utilised in the provision of financial products and services;
“Fintech Regulatory Sandbox” means a formal process established by the BoT in which an under regulated environment corporate body conducts tests of new innovative products, services, delivery channels or business models in a controlled environment;
“Testing environment” means a live market environment where the participant proves the applicability of the financial solution; and
“Market” means an environment in which a financial solution is deployed for use.
The Fintech Regulations aim to make it possible for Fintech innovations to be evaluated and implemented in Tanzania within predetermined boundaries and time frames. The result aimed for is maximising the potential for innovation technologies and Fintech that promote financial inclusion and deepening, guaranteeing proper consumer protection measures, and helping Fintech innovators transition from an unregulated environment to a regulated environment.
The following is a brief analysis on the eligibility and application procedures as provided under the Fintech Regulations:
The Fintech Regulatory Sandbox seeks to implement financial products and services that are not yet fully covered by current regulatory requirements in a controlled setting by using a test-and-learn methodology in accordance with the BoT mandate.
Applications for the Fintech Regulatory Sandbox are open and eligible to Fintech companies and Financial Service Providers.
The BoT shall invite eligible candidates to the Fintech Regulatory Sandbox on a quarterly basis in accordance with the Fintech Regulations. It is necessary for an applicant to apply by submitting an application form, a financial solution risk profile that details potential risks, causes, effects, and control measures in place, and supporting documentation to the BoT within 30 days of receiving the invitation if they plan to participate in the Fintech Regulatory Sandbox.
For the Fintech Regulatory Sandbox participation application to be accepted, the application form as set out in Part A of the Schedule to the Fintech Regulations shall be accompanied by a variety of documents, including the following:
The BoT’s commitment to a transparent and well-structured process is evident in their extensive application requirements. Although the rigorous process guarantees participation from only serious and well-prepared Fintech companies, it may also pose obstacles for smaller or less established Fintech companies.
Nevertheless, the overall goal of the Fintech Regulatory Sandbox is to find a middle ground between implementing necessary safeguards and encouraging innovation.
Upon application, the BoT will evaluate the application and notify the applicant in writing within forty-five days on the evaluation results with either a ‘restricted’ approval or rejection to participate in the Fintech Regulatory Sandbox.
In the event of rejection of the application, the BoT will give the applicant written justification for the rejection. The applicant will have a chance to make corrections within a timeframe that will be detailed in the rejection notification in the event that a recognised shortcoming results in the rejection.
If the errors in the application that led to the first rejection have been rectified, the applicant who had their application denied may submit another application within six months. After reviewing the re-application, the BoT will decide whether to accept it or reject it.
Before the testing period ends and upon the participant failing to show good cause within fourteen days as to why the approval should not be withdrawn, the BoT has the right to withdraw or revoke an applicant's approval to participate in the Fintech Regulatory Sandbox.
Participants must start testing their financial solution within two months of receiving approval from the BoT. Failure to start within two months will require the participant to provide written reasons to the BoT for non-compliance.
The financial solution must be completed within twelve months of receiving approval, with the BoT extending the testing period to address specific issues or risks identified during the testing period.
The participant must submit a progress report to the BoT every three months detailing, among other things, key milestones, identified risks, customer complaints and operational challenges. The report should also include mitigation measures.
The Fintech Regulations mandate participants to adhere to the Personal Data Protection Act No. 11 of 2022 when collecting data during or after testing a financial solution. This mandate ensures that sensitive information, including customer data, is safeguarded throughout the testing process and beyond, even after approval has been withdrawn. Additionally, applicants must register their intellectual property rights with the appropriate authorities, and the BoT is not liable for claims made by third parties against the applicant/Fintech Regulatory Sandbox participant.
The Fintech Regulations state that a participant who violates any condition commits an offence. The BoT may issue a warning or a one-year suspension from participating in the Fintech Regulatory Sandbox upon confirmation that the violation has taken place.
The Fintech Regulations discussed in this legal update arguably exist with the goal of establishing a favourable regulatory framework for testing fintech technologies and innovations in the market. The Fintech Regulations prioritise consumer protection and the advancement of financial inclusion. They detail the criteria and process for eligibility to participate in the Fintech Regulatory Sandbox, stressing the importance of utilising emerging technologies, filling market gaps, and enhancing service standards. Furthermore, participants must adhere to data protection regulations, address customer grievances, and safeguard intellectual property rights.
End