The Sandbox Experiment: What Ten Years of Regulatory Sandboxes Actually Achieved

When the UK Financial Conduct Authority launched the world’s first regulatory sandbox in 2016, it was a genuinely innovative policy idea. The concept was simple: allow fintech firms to test innovative products with real clients under temporary regulatory authorization and close FCA supervision, generating evidence about what works, what risks emerge, and how regulation should be designed for new technologies. The sandbox would lower barriers to entry for innovators, provide regulators with ground-level intelligence about emerging products, and create a controlled environment where failures could be contained before they reached systemic scale.

Within five years, virtually every major financial regulator had its own sandbox. The Monetary Authority of Singapore launched the MAS FinTech Regulatory Sandbox in 2016. The EU developed the DLT Pilot Regime, which came into force in March 2023. The UAE’s VARA built sandbox provisions into its framework. Abu Dhabi’s ADGM created the RegLab. Australia, Canada, Hong Kong, Japan, and dozens of other jurisdictions followed. Sandboxes became the default policy response to financial innovation globally.

Ten years of evidence now allows an honest assessment. The results are real but mixed. Sandboxes achieved some of what they promised. They also fell short of their more ambitious claims in ways that are instructive for future innovation policy design.

What Sandboxes Promised

The FCA’s original sandbox proposal articulated four distinct benefits. First, reduced time to market: sandbox authorization would be faster than full licensing, allowing innovators to test products before committing to full compliance infrastructure. Second, regulatory intelligence: observing sandboxed products would help the FCA understand risks before they scaled, improving the quality of subsequent regulation. Third, lower failure cost: failures in a controlled environment with limited client exposure would be less damaging than failures at scale. Fourth, international influence: other jurisdictions would look to the FCA’s framework as a model, giving the UK regulatory leadership in fintech.

All four of these outcomes were achieved to some degree. Time to market for many FCA sandbox participants was demonstrably shorter than full licensing timelines. The FCA’s regulatory approach to P2P lending, crypto custody, and stablecoin pilots has been demonstrably informed by sandbox observations. Several high-profile sandbox failures were contained before reaching systemic scale. And the FCA sandbox has indeed been widely imitated, validating the fourth claim.

But each claim, examined more carefully, reveals limitations.

The FCA Sandbox: The Pioneer’s Balance Sheet

The FCA sandbox has run for ten years and processed hundreds of applications, with roughly 200-300 firms participating across its cohorts. The outcomes data is instructive. Approximately 40% of firms that completed sandbox testing subsequently launched regulated products in the UK market. The success rate for sandbox graduates is higher than for unassisted license applications — sandbox participants arrive at full licensing with more regulatory capital, better compliance infrastructure, and established FCA relationships.

But the sandbox model has been more effective for incremental innovations — new products built on existing regulatory categories — than for genuinely novel technologies that require new legal frameworks. The blockchain and crypto cohorts are the telling examples. Multiple crypto custody firms, stablecoin pilots, and tokenized securities platforms went through FCA sandbox cohorts in 2019-2022. Their experiences generated FCA intelligence about product design and risk, and several launched subsequent regulated services. But the sandbox process did not resolve the fundamental question of what regulatory category applies to crypto assets — that required legislation, ultimately through the UK’s Financial Services and Markets Act 2023 and subsequent crypto framework consultations.

The sandbox is better at generating evidence within existing frameworks than at creating new frameworks.

The MAS Sandbox: Asian Efficiency

Singapore’s sandbox has a distinct character: it is faster, more targeted, and more explicitly focused on international competitive positioning than the FCA’s model. The MAS FinTech Regulatory Sandbox processes applications in approximately 21 working days for initial assessment, compared to months for full licensing. Singapore’s regulatory culture — less adversarial, more relationship-based — makes the sandbox a genuine partnership between regulator and innovant rather than a supervised trial.

The MAS sandbox has produced some of the most significant fintech innovations in Asia: cross-border payment systems, digital insurance products, and AI-driven credit assessment tools that have subsequently been licensed and scaled. Its most notable limitation has been in crypto: Singapore’s broader crypto regulatory approach has been more cautious than the sandbox’s initially permissive tone suggested, with the MAS tightening requirements for digital payment token service providers significantly after several high-profile failures among Singapore-licensed entities in the 2022-2023 crypto downturn.

The MAS case illustrates a structural tension in sandbox design: sandboxes create expectations of eventual full licensing that regulators may not be able to meet if the policy environment shifts. Firms that invested in Singapore-specific compliance infrastructure based on sandbox participation found themselves facing much stricter requirements than the sandbox period suggested.

The EU DLT Pilot Regime: Structural Limitations

The EU’s DLT Pilot Regime deserves detailed examination because it represents the most ambitious attempt to create a sandbox for tokenized securities at scale — and its results are the most instructive for understanding what sandboxes can and cannot achieve.

The DLT Pilot Regime, which came into force in March 2023, allows market participants to operate DLT-based trading and settlement systems under temporary derogations from existing securities regulation. Its purpose was to test whether blockchain-based market infrastructure could improve efficiency, reduce settlement times, and lower costs compared to the existing T+2 settlement model.

The results have been disappointing by the Commission’s own metrics. As of early 2026, only three infrastructure providers have received DLT Pilot authorization. The regime imposes a €6 billion cap on the total value of securities admitted to each DLT market infrastructure — a limit designed to ensure that pilot failures remain contained that also effectively prevents any DLT market infrastructure from achieving the scale required to demonstrate genuine cost advantages.

The reasons for limited uptake are structural. Existing market participants — CSDs, CCPs, exchanges — have limited incentive to build new DLT infrastructure while simultaneously maintaining their existing infrastructure for non-DLT participants. New entrants lack the settlement finality guarantees and regulatory status needed to attract institutional clients. The regulatory derogations offered by the Pilot Regime, while meaningful on paper, do not fully compensate for the legal uncertainty that persists around DLT-issued securities in cross-border contexts.

ESMA has recommended making the DLT Pilot Regime permanent and expanding its scope — a recognition that the time-limited pilot model is inadequate for infrastructure investments that require long planning horizons. This recommendation is itself instructive: the pilot created useful experience but also created investment uncertainty that limited its own success.

The ADGM RegLab: The Gulf Model

Abu Dhabi’s Financial Services Regulatory Authority created the RegLab in 2016 as part of ADGM’s positioning as a fintech hub. Unlike the FCA sandbox, which processes applications through cohorts, the RegLab operates as a continuous admission process with individualized supervision. Its scale is smaller than the FCA’s, but its graduation-to-full-licensing rate is higher, partly because Abu Dhabi’s regulatory ecosystem is less complex and the FSRA has more direct relationships with the financial services firms it oversees.

The RegLab’s most significant innovation has been in digital asset custody and tokenized real estate — areas where Abu Dhabi has genuine comparative advantage and where the RegLab was able to generate evidence that directly shaped FSRA’s subsequent licensing standards. Several globally significant digital asset custodians received their first regulated authorization through the RegLab before subsequently obtaining licenses in other jurisdictions.

The Honest Assessment

Across five major sandbox programs over ten years, the evidence supports several conclusions.

Sandboxes work best for product innovation within existing regulatory categories. They generate genuinely useful regulatory intelligence. They reduce time to market for incremental innovations. They establish relationships between regulators and innovators that improve the quality of both.

Sandboxes do not resolve fundamental questions about new regulatory categories. They do not create new legal frameworks — that requires legislation. They are more effective at filtering innovations that fit existing frameworks than at accommodating innovations that require entirely new frameworks.

The EU DLT Pilot Regime’s experience suggests that sandboxes with hard scale caps cannot generate the evidence needed to assess whether large-scale deployment would work — they are too small to test the thing they are supposed to test. ESMA’s recommendation to make the Pilot permanent rather than time-limited reflects the recognition that infrastructure investment cannot be made on the basis of temporary authorization.

The most durable impact of the sandbox model has been cultural rather than technical: regulators who ran sandbox programs developed more collaborative relationships with industry, more detailed understanding of emerging products, and more sophisticated analytical frameworks for assessing novel risks. That cultural change has improved regulation in ways that are difficult to quantify but are genuinely visible in the quality of frameworks like MiCA and the GENIUS Act.

That is not nothing. It is simply less than what the promotional materials promised.