Just as a playground sandbox offers the opportunity to experiment without the risk of hurting anything or anyone, a regulatory sandbox is  a supervised regulatory testing environment that allows innovators to trial new products or services under relaxed regulatory conditions.

The UK’s Financial Conduct Authority (FCA) first introduced the concept in 2015 as part of  “Project Innovate” to foster the growth of a Fintech sector then in its infancy. The structured framework allows firms to test innovative products, services, or business models in a real-world setting while operating under modified or temporarily relaxed regulatory requirements. Participation is typically time-limited and subject to defined conditions, oversight, and reporting obligations set by the relevant regulator.

Common elements of a regulatory sandbox

While specific designs vary by jurisdiction, most regulatory sandbox programmes share a common set of structural features intended to balance experimentation with regulatory oversight.

• Defined scope of activities such as AI in credit underwriting models or fraud detection tools.

• Eligibility criteria for participants: applicants must demonstrate innovation, consumer benefit, and a genuine regulatory barrier to deployment.

• Limits on scale or exposure: caps on the number of customers affected, transaction volumes, or monetary amounts.

• Risk identification and mitigation requirements: mandatory controls addressing consumer harm, bias, data security, and operational resilience.

• Regulatory oversight and supervision: ongoing reporting, supervisory check-ins, and regulator access to model performance and outcomes.

• Clear exit or termination conditions: participation limited to a fixed period of time.

The Global Track Record of Regulatory Sandboxes

The FCA model demonstrated that structured experimentation could coexist with consumer protection and supervisory rigor, setting a template that many other regulators have since adapted.

Following the UK’s example, sandbox frameworks have expanded across Europe, Asia-Pacific, the Middle East, and parts of Africa, often coordinated through financial regulators or central banks. Jurisdictions such as Singapore, Australia, the European Union, the United Arab Emirates, and Kenya have established sandbox programmes tailored to local market structures and policy objectives.

Financial services and fintech are the most common beneficiaries of regulatory sandboxes globally, reflecting the sector’s heavy regulation and rapid technological change. Typical use cases include payments, digital identity, regtech, and increasingly AI-enabled services such as automated credit assessment, fraud detection, and compliance monitoring.

Where Regulatory Sandboxes Are Used in the United States

A federal regulatory sandbox does not exist in the United States. Innovation policy has evolved in piecemeal fashion, shaped by the federal system and sector-specific regulatory structure. As a result, regulatory flexibility for emerging technologies such as AI is uneven and often dependent on geography or the specific regulator involved.

A growing number of states have established formal sandbox programmes, however. States such as Arizona, Utah, Wyoming, Florida, and North Carolina operate sandboxes that allow companies to test new products under modified state regulatory requirements. These programmes typically focus on fintech, insurance, legal services, and broader emerging technologies, with some states explicitly expanding their sandboxes beyond financial services to include AI-driven applications in other sectors.

What Does the Sandbox Act Aim to Accomplish?

The proposed Sandbox Act would create a federal framework allowing companies to test and deploy artificial intelligence systems under modified regulatory requirements, with government oversight, for a limited period of time. While still only a proposal, it reflects a broader shift in how policymakers are thinking about regulating fast-moving technologies like AI.

For banks, this discussion is not theoretical. AI is already being used across the financial sector for credit underwriting, fraud detection, compliance monitoring, customer service, and risk management.

Problems a Regulatory Sandbox Can Help Solve

In principle, regulatory sandboxes are intended to address a set of recurring challenges that arise when innovative AI technologies are introduced into highly regulated financial environments. They include:

• Regulatory uncertainty for novel AI applications: A bank developing an AI-driven credit underwriting model faces unclear expectations around explainability, model validation, and supervisory review, delaying deployment despite internal risk controls.

• Mismatch between legacy regulations and modern AI-driven business models could mean that institutions are forced to simplify or abandon higher-performing approaches to meet legacy compliance requirements.

• Barriers to entry for startups and smaller firms with limited resources are unable to test AI-enabled products because full regulatory compliance is required before any market exposure.

• Limited real-world testing data for regulators and policymakers. Supervisors must assess AI risks using theoretical models or lab testing rather than observing performance, bias, and consumer impact in controlled, real-world conditions.

Are Regulatory Sandboxes Necessary for AI Innovation in the Financial Sector?

Successful innovation in financial services starts with a clear understanding of regulatory expectations. AI used in areas such as AML, sanctions screening, and fraud prevention operates in environments where model opacity, automation risk, and potential systemic impact are already well understood by regulators. These risks are not theoretical, and institutions deploying AI in these domains are expected to manage them within existing supervisory frameworks.

Recent industry evidence suggests that the primary constraints on AI adoption in banking are not regulatory permission but the ability to execute at scale. Banks report persistent hurdles related to data readiness, regulatory compliance, and implementation complexity, contributing to high development and deployment failure rates. At the same time, adoption has accelerated markedly. A recent study by EY found that nearly half of banks had already rolled out AI applications by 2025, up from just 10% in 2023, and 90% are at least in beta testing or beyond. Most institutions are already using AI within existing regulatory frameworks. The obstacles lie in delivery and governance, not regulatory hurdles.

Silent Eight’s experience working with global financial institutions demonstrates that AI solutions designed from the outset for regulatory approval – with transparency, auditability, and human oversight built in – can be adopted successfully without special regulatory relief.

A Novel Approach for Novel Use Cases

Regulatory sandboxes can prove valuable in circumstances, such as novel use cases with no regulatory precedent, early-stage market entrants, or experimental models that lack operational history. In these cases, sandboxes can support learning and dialogue. Financial crime compliance, however, is a mature AI use case not likely to benefit from the relief regulatory sandboxes can bring. 

For banks, the long-term success of AI adoption will depend less on temporary regulatory flexibility and more on deploying solutions that are transparent, well-governed, and aligned with supervisory expectations from the outset. As AI continues to mature across financial services, institutions will be best served by focusing on technologies built for regulatory reality, not regulatory exceptions.