What the Proposed North Carolina Regulatory Sandbox Could Mean for Fintech and the Financial Services CommunityTechnology is booming and financial technology (“fintech”) is advancing society in new and innovative ways. In 2021 alone, North Carolina has been the target for some very high-profile technology announcements, including Google’s plans to open a cloud engineering hub in Durham and Apple’s new campus in Research Triangle Park. Given the upward trajectory of this financial technology boom, it seems that the “innovation” business is ripe for opportunity — an opportunity that appears poised to take off in North Carolina with the newly proposed regulatory sandbox.

A regulatory sandbox allows companies and entrepreneurs to test emerging technologies, products, services, or business models at the leading edge of (or even outside of) an established regulatory framework. Sandboxes have popped up across the country — from the first U.S. regulatory sandbox in Arizona in 2018 to Kentucky, Nevada, Utah, Vermont, and Wyoming in 2019 to Florida and West Virginia in 2020 — as a way of incentivizing technological and economic development in the state by breaking down the barriers to market access often faced by creative business models and startups. North Carolina is one of the most recent states to investigate the potential economic benefits of becoming an innovation hub. Although North Carolina tried and failed to implement a sandbox in 2019, the 2021 iteration seems more likely to succeed given the growing number of peer states that have since adopted, or are currently working on, comparable sandbox-creating legislation.

North Carolina’s Regulatory Sandbox Act of 2021 (the “NC Sandbox Act”) seeks to establish a more flexible regulatory environment for the financial services and insurance industries within the state, with the intention to both bring more business and economic growth to the Tar Heel state coupled with expanding North Carolina citizens’ access to products, services, and unique business models not currently widely available nationwide.

The proposed NC Sandbox Act is currently pending before the Committee on Commerce, so here is what you should know:

Purpose and Applicability

The NC Sandbox Act would permit an applicant to temporarily test an innovative financial product or service, making such product or service available to a limited number of consumers on a limited basis without subjecting the applicant company to certain licensing or other regulatory obligations otherwise imposed under applicable state law.

If passed, the NC Sandbox Act will only apply to entities that are both regulated by the Department of Insurance or the Office of Commissioner of Banks and offering a product or service that falls within the definition of an “innovative product or service,” which means that the entity is using a new or emerging technology, or is providing products, services, business models, or delivery mechanisms not currently widely accessible to the public.

Establishment of North Carolina Innovation Council

The NC Sandbox Act proposes to create an “Innovation Council,” which, if enacted, would be an 11-person council tasked with setting the standards, principles, guidelines and policy priorities for the regulatory sandbox, as well as approving admission into the program. Interestingly, early analysis of the bill expressly mentions authorizing the Innovation Council to focus on blockchain initiatives (here’s a legislative analysis of SB470).

Innovation Waiver Applications

The application fee for admission into the regulatory sandbox program is $50. In determining whether to admit an applicant, the Innovation Council will consider six main factors:

  1. The nature of the innovation product or service proposed to be made available to consumers, including the potential risk to consumers;
  2. The methods that will be used to protect consumers and resolve complaints during the sandbox period;
  3. The entity’s business plan, including availability of capital;
  4. Whether the entity’s management has the necessary expertise to conduct a pilot of the innovative product or service during the sandbox period;
  5. Whether any person substantially involved in the development, operation, or management of the innovative product or service has been convicted of or is currently under investigation for fraud or state or federal securities violations; and
  6. Any other factor that the Innovation Council or the applicable state agency determines to be relevant.

By tasking the Innovation Council with the responsibility of considering consumer protection in addition to economic growth when evaluating applicant entities, proponents of the legislation seemingly attempt to avoid some of the criticisms that surrounded the 2019 sandbox proposal.

Applicants must also have a physical presence in North Carolina. A waiver of specified requirements imposed by statute or rule may be granted as part of entry into the program and would be valid for the duration of participation in the regulatory sandbox, but likely would not exceed 24 months.

Impact on the Financial Services Sector in North Carolina

The regulatory sandbox would aim to support innovation, investment, and job creation within North Carolina, with the greatest emphasis falling within the financial services and insurance sectors. It has the potential to foster early partnerships between the existing North Carolina financial firms and the fintech companies participating in the sandbox program. Lastly, it may afford North Carolina regulators the opportunity to gain deeper knowledge and experience with emerging fintech and financial trends.

More to Come

The proposed legislation also addresses sandbox program requirements, consumer protections, record requirements, privacy, and other initiative and obligations in more detail. As mentioned above, the legislation is currently pending before the committee, and Bradley is closely monitoring this legislation and will provide continuing coverage of the proposed bill in the coming weeks and months. If passed, the legislation could become effective October 1, 2021.

If you have any questions, please reach out to the authors, Erin Illman, Lyndsay Medlin, or Lissette Payne.

Print:
EmailTweetLikeLinkedIn
Photo of Lissette C. Payne Lissette C. Payne

Lissette Payne is an attorney in Bradley’s Banking and Financial Services Practice Group. She is designated as a Certified Information Privacy Professional by the International Association of Privacy Professionals, with U.S. Private Sector (CIPP/US) and European (CIPP/E) concentrations.

Lissette received a J.D. from…

Lissette Payne is an attorney in Bradley’s Banking and Financial Services Practice Group. She is designated as a Certified Information Privacy Professional by the International Association of Privacy Professionals, with U.S. Private Sector (CIPP/US) and European (CIPP/E) concentrations.

Lissette received a J.D. from the University of North Carolina School of Law, where she was president of the Hispanic/Latino Law Student Association, co-chair of the Student Bar Association’s Multicultural and Diversity Committee and a member of the Hispanic/Latino Law Student Association Moot Court Team. She received her B.A. in Political Science from the University of North Carolina at Chapel Hill.

Photo of Erin Jane Illman Erin Jane Illman

Erin Illman is a dynamic problem solver with a strong understanding of U.S. and international private-sector privacy laws and regulations and the legal requirements for the transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions. She regularly…

Erin Illman is a dynamic problem solver with a strong understanding of U.S. and international private-sector privacy laws and regulations and the legal requirements for the transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions. She regularly advises clients on CCPA, GLBA, HIPAA, COPPA, CAN-SPAM, FCRA, security breach notification laws, and other U.S. state and federal privacy and data security requirements, and global data protection laws. In addition to providing proactive privacy and information security compliance and legal advice, Erin manages privacy-related enforcement actions and litigation. Her practice includes representing companies in reactive incident response situations, including insider cybersecurity threats, electronic and physical theft of trade secrets, and investigation, analysis, and notification efforts with respect to security incidents and breaches.

Photo of Lyndsay E. Medlin Lyndsay E. Medlin

Lyndsay Medlin assists clients across industries with a variety of litigation, internal investigation, and compliance needs. Her experience includes assisting clients with drafting and developing policies and best practices to ensure compliance and prevent litigation; investigating and responding to internal whistleblower allegations, federal…

Lyndsay Medlin assists clients across industries with a variety of litigation, internal investigation, and compliance needs. Her experience includes assisting clients with drafting and developing policies and best practices to ensure compliance and prevent litigation; investigating and responding to internal whistleblower allegations, federal civil investigative demands, and state regulatory inquiries for financial services, healthcare, life sciences, and government contractor clients, and working closely with clients across industries to protect their business interests nationwide. With privacy and cybersecurity becoming paramount concerns for businesses, Lyndsay is also skilled at counseling clients regarding the nuances of privacy notices, protection of customer and client personal information, and for covered financial services clients, Bank Secrecy Act/Anti-Money Laundering compliance.