Do Regulatory Sandboxes Work? The Evidence from 50 Jurisdictions

The regulatory sandbox has become a policy panacea. When regulators want to demonstrate they are innovation-friendly without changing their core frameworks, they announce a sandbox. When politicians want to differentiate their jurisdiction as open for business, they champion a sandbox. When industry associations argue for lighter-touch regulation, they propose extending the sandbox. After a decade of proliferation, the sandbox is regulatory signalling as much as it is regulatory substance.

This matters because tokenization policy is deeply invested in the sandbox model. Proponents argue that sandboxes allow regulators to understand tokenized asset markets before regulating them. The evidence on whether this works deserves more rigorous examination than it typically receives.

Origins: FCA 2016 and the Innovation Logic

The UK Financial Conduct Authority launched the world’s first regulatory sandbox in 2016 under a specific institutional logic. The FCA was facing a dilemma familiar to all financial regulators: innovative fintech products were emerging that did not fit existing regulatory categories. Forcing them through existing authorisation processes either killed them with compliance costs, or pushed them into regulatory grey areas where consumers lacked protection.

The sandbox offered a third path. Selected innovative firms received time-limited authorisations to test their products with real customers under relaxed rules, with enhanced regulatory oversight. The bargain was explicit: regulators would suspend normal rules temporarily in exchange for better information about how the innovation actually worked, and firms would gain market-testing experience while operating within a monitored environment.

The FCA’s first cohort of 24 firms included peer-to-peer lenders, insurance technology firms, and early blockchain applications. The sandbox attracted significant international attention. Within three years, more than fifty jurisdictions had announced equivalent programmes.

How Sandboxes Work: The Mechanics

Sandbox applications typically require firms to demonstrate that their product is genuinely innovative, that it serves a clear consumer benefit, that it cannot be tested within existing regulatory frameworks, and that the firm has the technical and financial capacity to operate safely.

Legal relief granted varies by jurisdiction and product. Common forms include authorisation waivers (operating without a licence that would normally be required), product exemptions (offering products that would normally be prohibited), and reporting deferrals (simplified or delayed compliance with reporting requirements). The relief is time-limited — typically twelve to twenty-four months — with defined boundary conditions, including customer number limits, geographic restrictions, and investment caps.

Graduation from the sandbox requires firms to demonstrate that their product works as described, that consumers have been appropriately protected, and that the firm is ready for full regulatory compliance. Successful graduates receive either a new regulatory pathway created for their product type or authorisation under an adapted existing framework.

The MAS Singapore Model: Why It Is Considered a Gold Standard

The Monetary Authority of Singapore’s Financial Technology Regulatory Sandbox has been widely praised as the most effective sandbox globally. Several features distinguish it from lower-quality equivalents.

First, the MAS sandbox is connected to genuine regulatory reform. When firms graduate, the MAS has a track record of adapting its frameworks based on what it learned. The sandbox is not performative — it produces regulatory change. The MAS has modified capital requirements, product classification rules, and consumer protection frameworks based on sandbox experience.

Second, the MAS provides pre-application engagement. Rather than making firms guess whether they qualify, the MAS offers structured dialogue before firms invest in formal applications. This reduces wasted effort and improves the quality of applications received.

Third, the MAS sandbox is embedded in a broader innovation ecosystem — FinTech Festivals, Project Guardian for institutional DeFi, and strong coordination between the MAS and Economic Development Board. The sandbox is one component of a coordinated innovation policy, not an isolated gesture.

Fourth, the MAS has maintained quality control over applicants. Some jurisdictions have diluted their sandbox criteria to attract headline numbers of participants. The MAS has preferred a smaller, higher-quality cohort whose outcomes it can genuinely track and learn from.

The EU DLT Pilot Regime: Scale Without Uptake

The European Union’s Distributed Ledger Technology Pilot Regime, which entered into force in March 2023, represents a different variant of the sandbox model. Rather than a bilateral arrangement between regulator and individual firms, the DLT Pilot is a legislative sandbox — a temporary EU-wide regulatory framework that allows trading venues and settlement systems to operate tokenized securities under relaxed rules.

The DLT Pilot is architecturally ambitious. It creates three categories of market infrastructure that can apply for DLT exemptions: DLT Multilateral Trading Facilities, DLT Settlement Systems, and DLT Trading and Settlement Systems. Authorised operators can trade and settle tokenized stocks and bonds without the interoperability requirements that normally apply.

The problem is that only three entities had received authorisation in its first two years of operation. The DLT Pilot’s uptake has been dramatically lower than anticipated. The reasons illuminate what prevents sandboxes from working.

The DLT Pilot’s application requirements are extensive — essentially full regulatory authorisation for a restricted pilot activity. The liability regime is unclear. The maximum transaction limits are low enough to make commercial viability difficult. And the exemptions from key rules are narrower than firms need to genuinely test new operating models. The result is a sandbox that exists but is not used, providing regulatory cover without regulatory learning.

What the Evidence Actually Shows

The academic evidence on regulatory sandbox effectiveness is surprisingly weak, and the honest assessment is mixed.

Studies of the FCA sandbox show that participants receive regulatory authorisation at higher rates than non-participants and gain market entry more quickly. These are meaningful benefits. However, there is limited evidence that sandboxes produce more innovation than the counterfactual — a well-resourced innovation team at the regulator that engaged with firms without a formal sandbox structure.

The most consistent finding is that sandbox participation builds regulatory relationships. Firms that participate report that they understand the regulatory framework better and that they have clearer relationships with regulatory staff. These relationship benefits are real but do not necessarily require a sandbox — they could be achieved through simpler regulatory engagement programmes at lower cost.

What sandboxes are not good at is testing systemic risk. By design, sandboxes impose customer and transaction limits that prevent firms from reaching the scale at which systemic risks emerge. A crypto exchange with 1,000 sandbox customers under scrutiny behaves differently than an exchange with 10 million customers and regulatory gaps. The FTX failure was not a failure that a sandbox could have caught — it was a failure of offshore regulatory arbitrage at scale.

Design Features That Improve Sandbox Outcomes

The evidence does identify design features associated with better outcomes.

Clear graduation pathways matter enormously. Sandboxes that leave firms uncertain about whether graduation will produce ongoing permission, new frameworks, or just more uncertainty produce lower participation quality and less regulatory learning.

Regulatory commitment to act on findings is essential. If sandbox experience does not produce regulatory adaptation, there is no institutional incentive to run a rigorous sandbox. The regulator that learns from a sandbox cohort and then changes nothing has wasted everyone’s time.

International coordination improves outcomes. Firms operating in multiple jurisdictions find nationally siloed sandboxes restrictive. The GFIN Global Financial Innovation Network — which coordinates sandbox cohorts across participating regulators — has been more valuable for genuinely international products than any single national sandbox.

Active cohort management distinguishes excellent from mediocre sandboxes. Passive sandboxes that accept applications, grant limited waivers, and wait for results produce little learning. Active sandboxes that structure testing protocols, require specific data collection, and engage regularly with participants produce actionable regulatory intelligence.

For tokenization specifically, the sandbox question is whether regulators need temporary laboratories or need to commit to permanent frameworks. The more sophisticated jurisdictions — Singapore, the UK for institutional activity, and the EU through MiCA — have moved toward permanent frameworks. The sandbox served its purpose in building regulatory knowledge. The jurisdictions that remain in perpetual sandbox mode are delaying decisions they eventually cannot avoid.