The Securities Commission of Malaysia (SC) published the new Guidelines on Regulatory Sandbox on 17 February 2025, enabling fintech businesses to deploy capital market products or services in a sandbox environment.

The SC’s regulatory sandbox was first announced on 1 October 2024 during the SCxSC Summit, the SC’s annual fintech event. 

This article looks at the SC sandbox’s requirements including a summary of the expected conditions to be fulfilled by an applicant.

Overview of the SC’s regulatory sandbox

The SC provides regulatory oversight for Malaysia’s capital markets, which include diverse investment products like collective investment schemes, listed and unlisted equities, bonds, derivatives, and digital assets (e.g. cryptocurrencies).

An applicant may be a local or foreign fintech business that may wish to test a new innovative product or service within a controlled and supervised environment by the SC. 

In contrast, the Central Bank of Malaysia, a regulator which supervises financial institutions and related intermediaries such as banks and insurance companies, had  issued an updated Financial Technology Regulatory Sandbox Framework on 29 February 2024, covering fintech products and services that may fall under the Central Bank of Malaysia’s supervision. 

What  are the main benefits of the sandbox?

SC may exempt fintech applicants from specific regulations for the sandbox duration. This may assist an applicant who faces challenges in meeting existing regulatory requirements to experiment or roll out their products and services under a more relaxed regulatory framework, but within a well defined space and duration agreed with the SC. 

Additionally, the opportunity to engage with the SC’s team and the bilateral sharing of information may assist to shape a more practical regulatory framework in future. At the very least, it may lend insights into the regulator’s expectations on the application of existing regulations.

Who can apply to be in the sandbox?

The SC has set out eligibility criteria that must be satisfied by the applicant.

When it comes to the applicant, the entity and the senior management involved must have the necessary resources in place to implement the testing plan set out during the sandbox stage and commercialisation plan. 

The proposed product or service must fulfil the conditions such as new and intended for use in the Malaysian market, must be beneficial to the Malaysian capital market and does not fit any existing capital market regulations.

Also Read: Bridging the digital divide: Addressing Malaysia’s skills gap

Pre-consultation is mandatory before formal sandbox participation

An applicant must engage the SC to arrange for a compulsory pre-consultation before submitting the formal submission. 

A pre-consultation does not guarantee admission into the sandbox and is not a replacement for consultancy services or legal support. In other words, an applicant has to conduct its own due diligence and evaluation on how it will meet the evaluation criteria prescribed by the SC.

What to include in a business plan to the SC?

According to the SC’s Regulatory Sandbox Application Guide, the business plan should contain details on the applicant’s organisation, structure of its management team, capital market product or service to be offered, process flow of the model, and how the applicant fulfils the eligibility criteria.

In addition to the above, the Application Form for the Regulatory Sandbox sets out more detailed details that will need to be addressed and specified by the applicant in the application.

For instance, it is crucial for an applicant to highlight how the proposed product or service to be tested under the sandbox may not fully fit or will be in breach of any existing regulatory framework or could not be complied with (i.e citing such specific regulation or law to highlight areas of non-compliance).

How to apply to be in the sandbox?

After the pre-consultation meeting, the applicant can submit the relevant application form and supporting documents and information as set out in the via email and physical format to the SC. 

When to apply to be in the sandbox?

According to the SC’s website, submissions will open on 15 April 2025 until 31 May 2025. The review may be expected to take around 30 working days or longer depending on the proposal. Successful applicants will receive at least 12 months’ testing period, allowing a real world testing plan under controlled environment.

In contrast, there is no time limit for a fintech business to apply to the Central Bank of Malaysia’s regulatory sandbox.

Also Read: US tariffs on semiconductors and autos put Malaysia’s trade at risk

What happens after the sandbox?

The legal requirements relaxed by the SC during the sandbox stage will likely expire, unless an extension period is granted by the SC. If the test meets the goals presented to the SC, the participant would likely be offered to be regulated and roll out the product or service in Malaysia, as required by the law. 

If the goals are not met, or the applicant fails to comply with the SC’s conditions during the sandbox, the applicant may likely need to cease its service and wind down the business based on the agreed cessation plan submitted to the SC. 

Any other issues to be mindful of?

An applicant must ensure that all the directors, major shareholders and senior management of the applicant fulfils the fit and proper criteria set out by the SC.

Additionally, the applicant must demonstrate their readiness to offer the product or service and have a testing plan (including key milestones, outcomes, and timelines of the test, type of clientele/ investors, infrastructure and technology to be deployed, human resources etc. to demonstrate readiness to test and to carry out its operations).

Considering that the proposed product or service may usually be delivered via an online platform, the SC expects the applicant to implement governance controls, frameworks, policies and procedures commensurating to its business and in compliance to the SC’s Guidelines on Technology Risk Management. Therefore, the applicant must have robust and sound cybersecurity measures in place.

Final thoughts

Fintech businesses applying to the SC’s new regulatory sandbox should consult a legal counsel to assess their business plan, particularly to identify specific regulatory impediment in Malaysia’s legal landscape related to their proposed capital market product or service. This ensures compliance and help address potential regulator queries during evaluation.

Interested applicants should refer to the SC’s Regulatory Sandbox section to obtain all relevant information and documents including the guidelines and the application form on the sandbox programme.

—

Editor’s note: e27 aims to foster thought leadership by publishing views from the community. Share your opinion by submitting an article, video, podcast, or infographic.

Join us on Instagram, Facebook, X, and LinkedIn to stay connected.

Image credit: DALL-E

The post Securities Commission of Malaysia’s new regulatory sandbox summarised appeared first on e27.