- The short — where the bar sits now
- Where the sandbox stands (clean snapshot)
- Eligibility matrix & red lines
- Week-by-week application plan
- Graduation paths & what “success” looks like
- FAQ
The short
- Momentum: Recent cohorts skew toward risk, compliance automation, and MSME credit pipes.
- What wins: Clear customer harm reduction, measurable compliance lift, and tight data-risk controls.
- What stalls: Weak KYC/consent posture, synthetic data without provenance, and bank-less pilots.
Where the sandbox stands
| Item | Early-Oct status (indicative) | Operator read |
|---|---|---|
| Active theme mix | Regtech/KYC · MSME credit rails · Cross-border LRS UX | Bias to supervision & inclusion |
| Selection rate | ~10–20% of complete applications | Quality over volume |
| Time to onboarding | ~8–12 weeks from complete pack | Front-load due diligence |
| PSU/private bank partners | Growing pool; NDA heavy | Secure at least one LoI before filing |
| Graduations | Incremental, theme-dependent | Define success metrics up front |
Eligibility matrix & red lines
Must-haves
- Incorporated Indian entity (or recognized academic/consortium arm).
- Working prototype; reproducible test plan; UAT-ready builds.
- Data rights and consent flows mapped; PII minimization plan.
Red lines
- Unlicensed deposit-taking, leverage, or shadow bank behavior.
- Crypto exposure that bypasses extant frameworks.
- Weak AML/CFT controls; no audit trails.
Week-by-week application plan
- Week 1 — Fit & partner: Lock theme, draft “harm reduced” statement, secure a bank/NBFC LoI.
- Week 2 — Data & risk: Publish data provenance, consent logs, and retention schedule; DPIA signed.
- Week 3 — Tech pack: Reproducible Docker image, API spec, test cases, rollback/runbooks.
- Week 4 — Submission: Cover note (metrics, cohorts, safeguards), founder KYC, cap table, incident policy.
Attach Bank/NBFC LoI · DPIA · InfoSec controls · Customer communication templates · MIS dashboards
Graduation paths & “success” metrics
| Path | Metric | Threshold (illustrative) | Why it matters |
|---|---|---|---|
| Pilot → Scale with partner | Risk event rate | < 5 bps vs baseline | Demonstrates harm reduction |
| Policy note/clarification | Audit coverage | > 95% events logged | Supervisory visibility |
| Multi-bank rollout | Time-to-KYC | −30–50% vs control | Real customer benefit |
FAQ
- Can pre-revenue startups apply? Yes, if prototype, partner LoI, and data governance are strong.
- Is production data required? Prefer test datasets; if production is needed, add consent and masking plans.
- What if the partner backs out? Keep a backup LoI; disclose promptly and propose revised timelines.