Sandbox FAQs
Early Stages
The Regulatory Sandbox Framework is introduced to encourage innovation and the delivery of financial services by granting regulatory flexibilities for solutions with genuine value proposition to be experimented in a production or live environment. Such flexibilities will be accompanied by appropriate safeguards to preserve financial stability and fair treatment to consumers.
Read more about the Sandbox hereThe Regulatory Sandbox is open to all regulated entities of BNM and fintech companies including those without any existing presence in Malaysia, but are interested to offer their services in the Malaysian market.
There is no strict limit to the number of participants in Regulatory Sandbox, BNM will consider the number of participants that can be effectively supported at any given time.
No, the Sandbox is also open to all fintech companies. However, fintech companies that collaborate with FIs could gain added advantages from guidance and support provided by a partner FI.
No, at this juncture the Green Lane is only applicable to financial institutions as defined in paragraph 5.2 of the Framework. This is given that the Green Lane assessment is primarily based on an applicant’s past record of compliance, which is not applicable to a fintech company.
However, a fintech company may participate in the Green Lane by way of partnership with a financial institution where the financial institution must initiate the application, own the solution to be tested and be accountable for the safeguards.
Alternatively, a fintech company can also opt to apply to the Standard Sandbox for standalone applications, which has been simplified to better cater to a fintech solution innovation cycle.
The Sandbox team can be contacted via email at [email protected]
Pre-Application
Standard Sandbox
- You should expect to receive an acknowledgment of your application within 1-2 working days.
- Your application will be assessed against the eligibility criteria specified under section 6 of the Regulatory Sandbox Framework. This would typically involve several discussions to better understand your proposed business model.
- BNM endeavours to provide a decision on your application within 15 working days from the date at which complete information is submitted to BNM.
- The pace at which you progress through the application stage is dependent on the completeness of information you provide and your readiness to test the solution in a live environment.
Green Lane
- You should expect to receive an acknowledgment of your application within 1-2 working days.
- Your application will be assessed against the eligibility criteria specified under section 7 of the Regulatory Sandbox Framework.
- BNM endeavours to provide a decision on your application within 30 working days from the date at which complete information is submitted to BNM.
- The pace at which you progress through the application stage is dependent on the completeness of information you provide.
You should refer to the application guidance here for further information.
You may refer to the Regulations page for a comprehensive list of regulated activities.
Financial institutions are subjected to prior written approval of BNM in accordance with sections 14, 15 and 16 of the Financial Services Act 2013 and the Islamic Financial Services Act 2013 in order to carry on an Islamic financial business. This includes any collaboration or partnership with fintech companies to offer solutions for Islamic financial services via the Regulatory Sandbox.
You may direct your query to [email protected].
Application
Standard Sandbox: You can download the Sandbox Application Form and email it to [email protected]
Green Lane: You can download the Green Lane Application Form and email it to [email protected]
Before you submit your application, you should ensure that you have read and understood the application guidance here in detail.
Standard Sandbox
Your application will be assessed against the eligibility criteria specified under section 5 of the Regulatory Sandbox Framework. This would typically involve several discussions to better understand your proposed business model. You should refer to the application guidance here for further information.
Green Lane
Your application will be assessed against the eligibility criteria specified under section 7 of the Regulatory Sandbox Framework. You should refer to the application guidance here for further information.
BNM expects all applicants to be adequately capitalised for the business it undertakes, with adequacy typically guided by BNM's existing risk-based capital requirements, where relevant. Nevertheless, the specific regulatory treatment and flexibilities may be calibrated on a case-by-case basis, based on merits of the application.
Compliance with RMiT PD during live testing does not form part of the criteria for both the Regulatory Sandbox approval. Notwithstanding, there are non-negotiable safeguards for cyber and technology risk that form baseline requirements for all proposed solutions in the Regulatory Sandbox. These requirements will be set on a case-by-case basis depending on the proposed solutions. Generally, these include, but are not limited to, the following:
- customer data confidentiality and information security;
- comprehensive penetration testing by accredited third party on applicants’ internal and external facing applications and network infrastructures; and
- high availability and scalability of cloud infrastructures, if any, including strong recovery, resumption capabilities and retained ownership, control and management of all data pertaining to customer and counterparty information, proprietary data and services hosted on the cloud.
Notwithstanding, upon graduation from the Regulatory Sandbox or scaling up prior to wider commercial launch, participants will be expected to conduct a comprehensive RMiT compliance gap assessment and indicate efforts as well as action plans to address identified gaps.
An applicant with proposed solutions for Islamic financial services involving straight forward Shariah contracts that are within the existing Shariah ruling are required to submit information to BNM covering:
- product description, including name and features;
- product structure, including transaction flows;
- types of Shariah contract(s) used; and
- assessment of compliance against the relevant SAC ruling and/or Shariah requirements relating to the product structure;
Yes. For a proposed solution for Islamic financial services where there is no existing Shariah rulings, BNM may consider allowing it to be tested in the sandbox subject to the applicant demonstrating the following:
Standard Sandbox
- In Stage 1, a clear business plan and timeline for Shariah committee/ consultants to be appointed in order to deliberate and issue a ruling on areas without existing Shariah ruling, supported by solid justifications and rationales; and
- In Stage 2, an attestation by the appointed Shariah committee/ consultants that the proposed solution is in line with Shariah principles, supported by accurate and detailed documentations on minutes of meeting with Shariah committee/ Shariah consultants, which include, among others, records of decisions or advice, key deliberations, rationale for each decision or advice made, and any significant concerns and dissenting views. The attestation and supporting documentations may also be provided early to the Bank during Stage 1, if available.
Green Lane
- An attestation by the participating financial institution’s Shariah Committee that the new solution to be tested is in line with Shariah principles. Similar to the Standard Sandbox, this shall be supported by accurate and detailed documentations on minutes of Shariah committee meetings, which record the decisions or advice, the key deliberations, rationale for each decision or advice made, and any significant concerns and dissenting views.
Notwithstanding the above, the Bank will not consider an application if the proposed solution for Islamic financial services is deemed in contravention to any existing Shariah ruling.
Fintech companies may consult an accredited Shariah advisory firm or qualified Muslim individuals (either Malaysian or non-Malaysian) who possess relevant qualifications, skills, knowledge and experience as Shariah consultants. For the appointment of an individual as a consultant, fintech companies shall assess whether the person fulfils the following:
- is a Muslim individual;
- has been assessed to have met the requirements specified in the policy document on Fit and Proper Criteria on a continuous basis;
- holds, at minimum, a bachelor’s degree in Shariah, which includes study in Usul Fiqh (principles of Islamic jurisprudence) or Fiqh Muamalat (Islamic transaction/commercial law);
- possesses solid knowledge in Shariah with reasonable Islamic finance knowledge and experience of the relevant industry; and
- demonstrates strong proficiency and knowledge in written and verbal Arabic, with good command in the preferred language of either Bahasa Melayu or English language.
Standard Sandbox
- No, applicants may only test one solution at any given point of time in the Standard Sandbox.
Green Lane
- Yes, the Bank allows testing of multiple solutions for the purposes of the Green Lane. Therefore, a Green Lane participating institution can either choose to test the solutions concurrently or stagger them across the year.
- Notwithstanding, Green Lane participating institutions must provide an overview of the solutions proposed to be tested in the Green Lane, which must include a short description of the business model, target segment, list of potential regulatory impediments and planned date for testing as stipulated in paragraph 7.8 (a) of the Framework.
When an application is rejected, you should expect a correspondence detailing reasons for the rejection. You can also reach out to the Regulatory Sandbox team if you need any further clarification on our response.
Yes, all information submitted to BNM for the purpose of the Regulatory Sandbox will be treated confidentially.
Testing
- During the live test period, applicants are expected to provide regular reports on the progress of the test. Applicants should also prepare for their next steps after the end of the test.
- Applicants are expected to also prepare for their exit from the Sandbox depending on the success or failure of the test.
- The initial testing period provided is subject to a maximum of 12 months for both the Standard Sandbox and Green Lane. Extensions to the testing period may be considered and will be assessed on a case-by-case basis.
- To extend the testing period, a written application must be submitted by the participants to BNM no later than 30 calendar days before the expiry of the testing period. The application should state the additional time required and clearly explain reasons for requiring the extension.
- If an applicant experiences significant issues during testing and needs to stop its operations, the Regulatory Sandbox team should be informed as soon as possible.
- The applicant will have to ensure an orderly exit from the Regulatory Sandbox (either the Standard Sandbox or the Green Lane) and minimise impact on customers.
Applicants who have not managed to achieve the KPIs of a test will need to assess reasons for the failure and determine its next appropriate step, which may include winding down operations in an orderly manner, or considering changes to the business model and alternative business arrangements.
Approval to test in the Regulatory Sandbox may be viewed as a learner's permit. A full licence or approval is not necessarily guaranteed after the test.
An approval to participate in the Regulatory Sandbox and any regulatory flexibility accorded will automatically expire, unless prior written approval has been sought from BNM to extend the testing period.
Upon completion of the testing, BNM will decide whether to allow the product, service or solution to be introduced in the market on a wider scale. Where allowed, participating fintech companies intending to carry out regulated businesses will be assessed based on applicable licensing, approval and registration criteria under the FSA, IFSA and MBSA, as the case may be.

