“Regulatory Sandbox” of FMA to support digital change in Austria

An amendment to the Financial Market Authority Act (FMABG) establishes a “Regulatory Sandbox” at the Financial Market Authority (FMA), in which selected innovative companies can set up their business model for a limited period of time.

Download a Pdf version of our newsletter.

On 15 July 2020, the Austrian Parliament decided to set up a Regulatory Sandbox, which will enter into force on 1 September 2020. The Sandbox is a supervisory concept designed to enable the testing of innovative business models in line with regulatory requirements. The goals are to promote innovation, strengthen Austria as a business location, and ultimately also to provide the FMA with better insights into ongoing technological developments.

Companies that provide financial services in connection with the statutory supervisory areas of the FMA (i.e., banking, insurance, securities, and pension fund supervision) can use the Sandbox to test new business models and to clarify the extent to which the new business model complies with legal requirements. For this purpose, the FMA conducts tests, the parameters of which are designed with the participation of the Sandbox participant.


Interested companies must apply to the FMA for participation and meet the following requirements:

  • The business model must be based on information and communication technology. It must either be subject to the legal supervisory areas of the FMA or be developed by a supervised company.
  • The business model must be accessible to a supervisory assessment by the FMA, be in the interest of the national economy due to its innovative value (which must be justified separately by the applicant), and not be expected to endanger financial market stability or consumer protection.
  • It must be ready for testing, i.e., there must be no fundamental technical or legal obstacles (except under supervisory law). The applicant must confirm this by means of a declaration.
  • The applicant must provide credible evidence that the Sandbox can be expected to accelerate market maturity.
  • The sandbox must be expected to clarify open regulatory issues. The applicant must also name these as concretely as possible.

As a proof for the first two points above, the applicant must submit appropriate documents (e.g., business plans) and evidence as well as information.

Subsequently, a Regulatory Sandbox Advisory Board at the Ministry of Finance comments on the economic interest as well as the test and market maturity. The members of the Advisory Board are subject to a duty of confidentiality.

The FMA admits applicants to the Sandbox for a maximum of 2 years by means of an official decision. Participants must actively participate and, in particular, provide information, submit documents, and grant access to the technology.

If the business model requires a license, approval, admission or registration, the FMA may also grant a limited license, approval, admission or registration within the scope of its responsibilities. In addition, the supervisory authority may prescribe appropriate requirements, conditions, and time limits.

After granting such a license, approval, admission or registration or, if such a license, approval, admission or registration is not required, after inclusion in the Sandbox, the FMA, with the cooperation of the participant, shall determine the conditions for the test phase and define suitable test parameters and measurable goals for evaluating the implementation of the business model.

The financing of the Regulatory Sandbox is designed to support 5 candidates.

Digital strategy of the FMA

The FMA is pursuing a digitisation strategy which it outlined in its “Digital Roadmap” of 2017. As early as 2016, a “FinTech Contact Point” was established at the FMA, which serves as a “Single Point of Contact” to answer regulatory questions. After analysis of regulatory obstacles to technological progress, the possibility of video identification to determine the identity of customers was also created. The supervisory priorities of the FMA for 2020-24 also include technology-relevant topics, such as IT security.

While 5 EU Member States (and the United Kingdom) have already introduced Regulatory Sandboxes, their introduction in Austria has been delayed to 2019 due to political circumstances.

Criticism of the law implementing the Regulatory Sandbox

Although the Regulatory Sandbox is welcomed, comments have already indicated that such a Sandbox will only be accepted by market participants if the legal framework is appropriate. Although the law allows for further developments in the Sandbox, the protection of participants is not sufficiently ensured. Ultimately, it cannot be ruled out that participants may be punished by the FMA because of their business activities. At the same time, however, participants are subject to extensive information and disclosure obligations. Another criticism is that a comprehensive duty of cooperation applies to the participant without providing for an obligation of support by the FMA.

It remains to be seen how the Sandbox will be received by innovative developers.