To Sandbox or not to Sandbox, that is the Insurtech question


Regulation is one of the most important aspects of the Insurance industry.  I have written about it before and also touched on it in my 2018 predictions.

Prediction #8 Regulation

Regulators have been taking a more active role in understanding Insurtech.  2018 will be the year that they start honing it in. I see there being more regulation in general that relates to customer data protection.  The increased use of wearables, sensors and telematics will call for it. By the same token, I see more regulators coming out with rules on how the increased data can be used for pricing purposes.  

Prediction #8.1 – Perhaps call it a wishlist item.  The US will get its first regulatory sandbox. I’m not sure where it would be, but I would say that top candidates would be New York, Connecticut, Massachusetts, Iowa and California.

While regulation is not the most fun topic to talk (or write) about, it is necessary in ensuring both consumer protection and solvency of carriers.  

The Insurance industry is regulated more than almost any other industry out there (heck, we are seeing the problems with big tech not being regulated that highly unfold before our eyes and the conversation of how/what to regulate within it is picking up).  

The Insurtech movement has brought along innovation from emerging technologies that we have not seen before within our industry.  It’s exciting times for all, but not without its risks.

As quoted in this article, Jonathan Dixon, Secretary-General of the global Insurance standard-setting body, IAIS, stated, “The fast pace of change presents a challenge for regulatory frameworks. Supervisors must remain alert to these changes and consider how these new business models and new actors in the value chain impact regulatory objectives such as data protection, cybersecurity and policyholder protection, to name but a few.”

One of the ways some regulators are going about this is the regulatory sandbox, a concept which I am a huge fan of.

The concept of a regulatory sandbox makes it more possible for the regulator and Insurtech startup/technology firm (and in some cases the incumbent) to work on an initiative in an enclosed environment before the product/service hits the masses.  

For an industry as highly regulated as ours, it seems like a good idea.

And it is.

But a sandbox can only hold so many businesses within it.  

Further, it’s not the only way to drive an innovation initiative to get regulators happy.

Last week, I attended an event at Plug and Play, affectionately called ‘Bridge the Gap’. The intention was to create a dialogue between the U.S. regulators, incumbents and some of the technology startups in attendance.  

As Mike Consedine, CEO of the NAIC stated at the beginning of the event, ‘the conversation is about helping to get the ecosystem that we all want to get to and having a system that allows for innovation and entrepreneurship that at the same time protects those traditional views of insurance regulation focused on consumers and solvency’.  

Innovation and regulation can often seem at other sides of the spectrum.  It is important to bridge the gap between the two.


Because ultimately, if an innovation initiative is undergone without proper understanding or approval from the regulator, then it can be shut down.   

This week, I take a look at:

  • What are the jurisdictions that have a sandbox?
  • What is a regulatory sandbox and what is the point of it?
  • What should an Insurtech startup do when it comes to regulation?

What are the jurisdictions that have an Insurtech and/or Fintech sandbox?

Hong Kong




Abu Dhabi



Thailand (couldn’t find an English version and here is an article explaining more about it)

In addition to the above, it seems as if Indonesia and Switzerland have them and Japan is working on one.  The state of Arizona in the U.S. has one too, but we’ll come to the U.S. later.  

Did I miss any?  Please let me know.

What is a regulatory sandbox and what is the point of it?

There are quite a number of articles already explaining what a sandbox is.  The two that I found that are quite interesting are:

  1. Regulatory Sandboxes — a Global Stocktake by Latham and Watkins (this one also includes the specific nuances of some of the jurisdictions mentioned above)
  2. Debunking 6 Myths on Regulatory Sandboxes or RegLabs by Kabir Kumar, Director of Policy & Ecosystem Building, Omidyar Network

As mentioned in the first article, ‘Sandboxes aim to foster innovation and competition, and to help ensure that regulators understand how innovative firms are evolving and can adapt regulatory rules, if necessary and appropriate, to better suit the evolving landscape.’

This leads me to my first point about sandboxes – they are to help regulators in understanding ongoing innovation, emerging technologies and their impact on customers and the Insurance value chain.  

As I quoted Mr. Consedine earlier, ‘having a system that allows for innovation and entrepreneurship and at the same time protects those traditional views of insurance regulation focused on consumers and solvency’ is of utmost importance to the NAIC and pretty much any regulator out there.  

Innovation in the Insurance industry (and the world) is happening at a pace quicker than most of us can keep up with (not just the regulators).

The difference about the public keeping up with innovation and a regulator keeping up with innovation, is that the public can choose not to use emerging technologies in it’s day to day activities (i.e. I don’t need to use drones, AR/VR, etc if I don’t want to).  However, a regulator must know about these emerging technologies and how to govern them if Insurance carriers and/or Financial Institutions want to use them in their day to day operations.  

Most regulators are equipped to handle consumer protection related manners and solvency requirements, but may not have all the experience from a technical standpoint to know how these emerging technologies affect consumer protection and solvency.  

As such, a sandbox allows regulators to monitor a startup’s new technology in an effort to identify whether that technology fits within current regulation or whether the regulation and/or application of that technology need to be changed in order to protect the consumer.

As Ted Nickel, Commissioner of Insurance for the State of Wisconsin stated during the Plug and Play event, ‘A lot of what you are doing may be okay and may fit within our existing regulatory framework. That’s where conversations, with the regulator, help to confirm that and/or perhaps where a tweak at the edges (can) make it fit within the existing framework.’

The second point I would like to highlight as the point of a sandbox has to do with Mr. Nickel’s comment above, as well as the first ‘myth’ in the second article at the beginning of this section, ‘Myth 1: Businesses in sandboxes get regulatory relief’.

A common misconception is that a sandbox waives regulatory requirements for technology firms that participate in it.  That is simply not the case. The regulator may waive certain components of regulation when a technology firm participates in a sandbox and while it is in a control environment, however when the firm leaves the sandbox, they must ensure they are fulfilling all the laws that the government imposes that their specific technology touches.  

What should an Insurtech startup do when it comes to regulation?

At the onset of my time covering Insurtech, I thought the regulatory sandbox was the best tool to help with innovation within the Insurance industry.

I still think it’s good and most countries should have them.  It’s a way for a regulator to understand an emerging technology and it impacts the overall value chain.

While I think it’s good, it still does have limitations.  

After all, how many technology firms (whether startups or more established) are trying to enter the world of Insurance at the moment?  

And how many employees do regulators have? (I don’t have the numbers for all of these but it’s ‘a lot’ and ‘not as many as there are technology firms’).  

Regulators simply don’t have the bandwidth to sandbox all the firms wanting to enter our industry. In the U.S., it is particularly difficult.

As Mr. Nickel also mentioned during the event, ‘We have 56 jurisdictions in the U.S.  My fear of having the state regulators working on some sort of U.S. sandbox is that we would have to negotiate the work of building a model law, which often takes years. By the time we create a national sandbox model, all innovation will be done.’  Now, the last part may be taking the extreme view (all innovation will be done), but he is right; setting up a sandbox takes time.  

The good thing is, both the regulators and Insurance carriers want to see innovation happen.  Our industry needs it and consumers want it.

So, here is my advice:

  1. For startups/technology that are offering a new product/service (either via MGA or full-stack), you are going to have to get approval anyway.  Engage the regulator early and often. Perhaps even use a tool/resource like FilingMate to help.
  2. For startups/technology firms that are offering a B2B platform, read the laws that may govern your solution and as with number 1, engage with the regulator early and often.  If you are working with an incumbent carrier, they will already have an existing relationship with the regulator and can help drive those conversations.  If they haven’t mentioned it in your initial interactions with them, bring it up. They may be impressed that you are equally as interested in this as they are (or should be)
  3. For incumbent carriers and reinsurers, continue to engage the regulator on your innovation initiatives to ensure you are in compliance.  I had multiple innovation initiatives that I led in my last corporate role in which we engaged with the local regulator to find out what/if any requirements we needed to fulfill before going live.  In many cases, the B2B platforms (such as claims automation, new customer portals, etc) may not need specific approval from a regulator and may already fit into current regulation. However, rather than guessing if this is the case, it’s better to pick up the phone (or send an e-mail depending on your regulator’s preferred choice) to find out what you need to do to safeguard yourselves and your customer. The last thing you want to do is have your initiative shut down because the regulator finds out you are doing something they are not comfortable with.

Bottom line is, you don’t need a sandbox to speak with the regulator about your innovation agenda and/or solution.  If you are in one, great.  If you are not, your regulator should be more than open to speak with you about it – it is in their best interest to do so too.

(Have a look at the end of this article for some practical tips from the NAIC too on this!)


It’s an exciting time to be in the Insurance industry.  We are seeing all sorts of new technologies come into the value chain to enhance and disrupt the modus operandi of how we do business.  

At the same time, regulation is key for our industry.  After all, our industry provides a purpose and protection to society that no other industry provides.

As such, this means that our innovation efforts and use of emerging technologies must be used in such a way that gives consumers the protection they need and the peace of mind that we promise.  

If we can’t continue to give them those two things with these emerging technologies and innovation, then what’s the point of doing it?

Image Source

Stephen Goldstein is an experienced Insurance executive and Insurtech dealmaker with a core focus on growing revenue, launching go to market initiatives and advising industry leaders.

Get fresh daily insights from an amazing team of Fintech thought leaders around the world. Ride the Fintech wave by reading us daily in your email.

Here are some practical tips provided by the NAIC during the Plug and Play event.  I reckon these would be applicable in most countries (however best to check with your local regulator! :))

2018_Plug and Play_Insurance Regulation BASICs copy

2018_Plug and Play_Insurance Regulation BASICs 2 copy

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.