A regulatory sandbox is a supervised environment in which innovators can test new products, services, and business models under relaxed regulatory requirements for a defined period, with appropriate consumer protections. Kenya has been a pioneer in regulatory sandbox development in Sub-Saharan Africa, with active sandboxes operated by the Central Bank of Kenya (CBK), the Capital Markets Authority (CMA), and the Communications Authority (CA). The sandbox frameworks allow Kenya to remain at the forefront of financial technology innovation while managing regulatory risk.

The CBK Regulatory Sandbox

The Central Bank of Kenya launched its Regulatory Sandbox Framework in September 2019 under the National Payment System Act and its amendments. The CBK sandbox allows fintech companies to test innovative payment and financial products with real customers under supervisory oversight for a period of up to 12 months, which may be extended. The sandbox has been used by mobile lending platforms, digital bank account providers, cross-border remittance innovators, and open banking API providers.

CBK Sandbox Application Requirements

To be admitted to the CBK sandbox, an applicant must: be a company incorporated in Kenya; have a genuinely innovative product that cannot be adequately tested under existing licensing frameworks; demonstrate a credible consumer protection plan; have the technical and financial capacity to deliver the proposed product; and show that there is a realistic pathway to full regulatory compliance post-sandbox. Applications are assessed by a dedicated CBK Fintech team, and admission decisions are typically made within eight to twelve weeks of a complete application.

Sandbox Operating Conditions

Sandbox participants operate under a Sandbox Agreement with the CBK specifying the permitted activities, customer limits, geographic boundaries, monitoring requirements, and exit criteria. Participants must submit monthly progress reports to the CBK and must immediately report any consumer harm, security incident, or material deviation from the agreed test parameters. At the conclusion of the sandbox period, the participant either graduates to full licensing or exits the market.

The CMA Regulatory Sandbox

The Capital Markets Authority operates a Regulatory Sandbox under the Capital Markets (Regulatory Sandbox) Regulations 2019. The CMA sandbox targets innovations in capital markets including: digital securities issuance and trading platforms; robo-advisory and AI-driven investment platforms; real-time settlement systems; tokenised investment products; and crowdfunding platforms. The CMA sandbox period is 12 months, extendable by the CMA at its discretion.

CMA sandbox graduates that successfully complete the testing phase may apply for the appropriate CMA licence (dealer, investment adviser, fund manager, or a new licence category created specifically for their business model). The CMA sandbox has attracted significant interest from regional fintech companies seeking a CMA-regulated pathway for capital markets innovations.

The Communications Authority Sandbox

The Communications Authority of Kenya operates a regulatory sandbox for telecoms and digital services innovations that require testing in the CA’s licensed spectrum environment. The CA sandbox is particularly relevant for IoT innovators, spectrum-sharing technologies, 5G use case developers, and over-the-top (OTT) service providers testing models that interface with licensed telecoms infrastructure.

Benefits of Regulatory Sandbox Participation

Participation in a regulatory sandbox provides innovators with several significant advantages over operating outside the sandbox. Sandbox participants receive regulatory certainty for the period of the sandbox agreement, protection from enforcement action for activities covered by the sandbox agreement, direct access to the regulator’s technical and legal teams, and guidance on the regulatory pathway post-sandbox. For investors and potential partners, sandbox admission is a signal of regulatory credibility that significantly de-risks the investment decision.

Common Reasons for Sandbox Rejection

Regulatory sandboxes receive more applications than they admit. Common reasons for rejection include: the product is not genuinely innovative and could be delivered under an existing licence; the applicant does not have adequate consumer protection mechanisms; the proposed scale of testing is too large or presents systemic risk; the applicant does not have the technical capacity to execute the proposed test; or the applicant’s business model is inconsistent with the regulator’s policy objectives. A well-prepared sandbox application addresses each of these potential grounds for rejection explicitly.

Our regulatory compliance practice advises fintech companies and innovators on sandbox applications to the CBK, CMA, and CA. For businesses in the technology and startups sector, the regulatory sandbox is often the most efficient route to market for genuinely novel products. For related financial services regulatory advisory, our team provides end-to-end support from application to graduation.