The Fintech (Regulatory Sandbox) Regulations, 2024

Financial technology (Fintech) companies provide financial services through technology. Fintech companies have grown at an unprecedented rate throughout Africa, including in Tanzania during the past fifteen years.

In a steady move to set up a regulatory compliance landscape for Fintech, innovations and companies, the Government of Tanzania through the Minister of Finance has enacted the Fintech (Regulatory Sandbox) Regulations, Government Notice Number 540 of 2024 (the Fintech Regulations), under the Bank of Tanzania Act No. 4 of 2006 published on 5 July 2024. 

In this month’s legal update, we provide an overview of the Fintech Regulations issued by the Bank of Tanzania (the BoT) which aim to create a conducive regulatory environment for Fintech technologies and innovations to be tested in the market alongside adequate measures that ensure protection of consumers. 

Key terms in the Fintech Regulations

The following key terms have been defined in the Fintech Regulations:

“Financial service provider” means an institution that owns a licence to conduct financial services, regulated and supervised by the BoT;

“Financial solution” means any product, service, delivery channel, technology or business model including digital payments; digital lending; money transfer and remittance services; digital know your customer; digital platform; digital identification services; cyber security services and products; sustainable financing; mobile technology applications; big data and data analytics; applications using distributed ledger technologies and artificial intelligence and machine learning applications and any other product, service, delivery channel, technology or business model as may be approved by the BoT;

“Fintech company” means an entity incorporated in Tanzania for the delivery of innovative financial solutions to the market;

“Financial technology (fintech)” means technological innovation to be utilised in the provision of financial products and services; 

“Fintech Regulatory Sandbox” means a formal process established by the BoT in which an under regulated environment corporate body conducts tests of new innovative products, services, delivery channels or business models in a controlled environment; 

“Testing environment” means a live market environment where the participant proves the applicability of the financial solution; and

“Market” means an environment in which a financial solution is deployed for use.

The Fintech Regulations aim to make it possible for Fintech innovations to be evaluated and implemented in Tanzania within predetermined boundaries and time frames. The result aimed for is maximising the potential for innovation technologies and Fintech that promote financial inclusion and deepening, guaranteeing proper consumer protection measures, and helping Fintech innovators transition from an unregulated environment to a regulated environment.

Eligibility and Application Procedures

The following is a brief analysis on the eligibility and application procedures as provided under the Fintech Regulations:

Eligibility

The Fintech Regulatory Sandbox seeks to implement financial products and services that are not yet fully covered by current regulatory requirements in a controlled setting by using a test-and-learn methodology in accordance with the BoT mandate. 

Applications for the Fintech Regulatory Sandbox are open and eligible to Fintech companies and Financial Service Providers.

Procedure for applications to participate in the Fintech Regulatory Sandbox 

The BoT shall invite eligible candidates to the Fintech Regulatory Sandbox on a quarterly basis in accordance with the Fintech Regulations. It is necessary for an applicant to apply by submitting an application form, a financial solution risk profile that details potential risks, causes, effects, and control measures in place, and supporting documentation to the BoT within 30 days of receiving the invitation if they plan to participate in the Fintech Regulatory Sandbox.

For the Fintech Regulatory Sandbox participation application to be accepted, the application form as set out in Part A of the Schedule to the Fintech Regulations shall be accompanied by a variety of documents, including the following:

• a cover letter as set out in Part B of the Schedule to the Fintech Regulations; 
• evidence of the source of funding to facilitate the testing; 
• a curriculum vitae accompanied by one recent passport size photograph, certified copies of national identification card or passport of each key personnel of the applicant; a duly executed agreement between the Fintech company and the owner of the testing environment in case of an applicant who is a Fintech company collaborating with a financial service provider or a Fintech company intending to offer financial solutions on financial products and services regulated by the BoT; 
• a realistic business plan deploying the financial solution on a commercial scale after exit from the Fintech Regulatory Sandbox; and 
• a documented financial solution containing among other things, timelines and deployment plan of the proposed financial solution. 

The BoT’s commitment to a transparent and well-structured process is evident in their extensive application requirements. Although the rigorous process guarantees participation from only serious and well-prepared Fintech companies, it may also pose obstacles for smaller or less established Fintech companies. 

Nevertheless, the overall goal of the Fintech Regulatory Sandbox is to find a middle ground between implementing necessary safeguards and encouraging innovation. 

Approval and revocation for inclusion in the Fintech Regulatory Sandbox

Approval of the Application 

Upon application, the BoT will evaluate the application and notify the applicant in writing within forty-five days on the evaluation results with either a ‘restricted’ approval or rejection to participate in the Fintech Regulatory Sandbox. 

Rejection of the Application 

In the event of rejection of the application, the BoT will give the applicant written justification for the rejection. The applicant will have a chance to make corrections within a timeframe that will be detailed in the rejection notification in the event that a recognised shortcoming results in the rejection.

Re-application 

If the errors in the application that led to the first rejection have been rectified, the applicant who had their application denied may submit another application within six months. After reviewing the re-application, the BoT will decide whether to accept it or reject it. 

Withdrawal of Approval of the Application 

Before the testing period ends and upon the participant failing to show good cause within fourteen days as to why the approval should not be withdrawn, the BoT has the right to withdraw or revoke an applicant's approval to participate in the Fintech Regulatory Sandbox. 

Testing of the Financial Solutions 

Participants must start testing their financial solution within two months of receiving approval from the BoT. Failure to start within two months will require the participant to provide written reasons to the BoT for non-compliance. 

The financial solution must be completed within twelve months of receiving approval, with the BoT extending the testing period to address specific issues or risks identified during the testing period.

Reports

The participant must submit a progress report to the BoT every three months detailing, among other things, key milestones, identified risks, customer complaints and operational challenges. The report should also include mitigation measures.

Compliance: Data Protection and Intellectual Property Rights

The Fintech Regulations mandate participants to adhere to the Personal Data Protection Act No. 11 of 2022 when collecting data during or after testing a financial solution. This mandate ensures that sensitive information, including customer data, is safeguarded throughout the testing process and beyond, even after approval has been withdrawn. Additionally, applicants must register their intellectual property rights with the appropriate authorities, and the BoT is not liable for claims made by third parties against the applicant/Fintech Regulatory Sandbox participant. 

Administrative Sanctions

The Fintech Regulations state that a participant who violates any condition commits an offence. The BoT may issue a warning or a one-year suspension from participating in the Fintech Regulatory Sandbox upon confirmation that the violation has taken place. 

Conclusion

The Fintech Regulations discussed in this legal update arguably exist with the goal of establishing a favourable regulatory framework for testing fintech technologies and innovations in the market. The Fintech Regulations prioritise consumer protection and the advancement of financial inclusion. They detail the criteria and process for eligibility to participate in the Fintech Regulatory Sandbox, stressing the importance of utilising emerging technologies, filling market gaps, and enhancing service standards. Furthermore, participants must adhere to data protection regulations, address customer grievances, and safeguard intellectual property rights.