- The short — status & slots
- What’s being tested now (illustrative)
- Eligibility & evaluation matrix
- How to apply — week-by-week plan
- Risk, reporting & graduation paths
- FAQ
The short
- Status: The sandbox continues to run in themed cohorts with rolling intakes tied to problem statements (payments, MSME credit, regtech, cross-border, agri, and financial inclusion).
- Slots: Typical cohort size is small and selective; expect limited live-user counts and caps on transaction values.
- Timeline: Screening → test design → limited live testing (usually a few months) → exit/extend/graduate.
What’s being tested now (illustrative categories)
Payments
- Offline/spotty-connectivity payments with risk caps.
- Merchant presentment with dynamic QR + fraud analytics.
MSME & agri credit
- Alt-data underwriting using GST/e-invoice trails.
- Cash-flow based limits with automated drawdowns.
Regtech & compliance
- Continuous KYC refresh with consented data.
- Anomaly flags for mule accounts and synthetic IDs.
Cross-border
- Small-ticket, rule-bound remittances with caps and cooling-off.
- Purpose-coded flows and automated reconciliation.
Reality check Cohort specifics vary; the regulator sets test boundaries, caps, and reporting cadence per use-case.
Eligibility & evaluation matrix
| Criterion | What RBI looks for | What founders should prep |
|---|---|---|
| Novelty & benefit | Clear consumer or systemic gain | Baseline vs proposed; quantifiable KPIs |
| Readiness | MVP beyond paperware | UAT logs, pilot partners, support SLAs |
| Consumer protection | Consent, reversals, complaints TAT | Templates, workflows, sample comms |
| Risk control | Caps, throttles, kill-switches | Risk matrix + runbooks |
| Data governance | Privacy-by-design, logs, audits | DPA, DPIA, retention policy |
How to apply — week-by-week plan
- Week 1: Map your use-case to a live theme; write the “consumer harm reduced” one-pager.
- Week 2: Assemble partner letters (bank/NBFC/PSP) and sample user communications.
- Week 3: Draft test plan: cohort size, transaction caps, KPIs, and exit criteria.
- Week 4: Finalize risk controls (rate limits, velocity checks, block/allow lists); attach incident SOP.
- Week 5: Submit application; prep for clarifications and sandbox committee queries.
Risk & reporting during tests
- Daily/weekly MIS on usage, failures, reversals, and complaints.
- Immediate incident disclosure with customer remediation steps.
- Hard caps on exposure; dynamic throttles for anomaly spikes.
Graduation paths
- Exit: Test concludes; learnings documented; no further action.
- Extend: More time/data required within sandbox limits.
- Scale: Proceed to broader pilots under existing laws or with specific regulatory comfort.
FAQ
- Does sandbox approval equal license? No—approval is limited to test boundaries and timelines.
- Can we charge users? Typically yes, within caps and with explicit disclosures.
- What kills an application? Paper MVPs, unclear consumer value, weak risk controls, or non-compliant data handling.