NRB Issues Regulatory Sandbox Guidelines to Boost Fintech Innovation and Digital Financial Services

Kathmandu. Nepal Rastra Bank (NRB) has issued the “Guidelines on Regulatory Sandbox” to promote innovation in financial technology (fintech) and develop secure digital financial services. The guideline, issued by the Rastra Bank’s Payment Systems Department, has been in effect since May 14, 2026.

Previously released in draft form, the directive has now been finalized under NRB’s fourth strategic plan (2022–2026) after incorporating feedback from stakeholders and international practices. It provides a controlled regulatory environment for fintech startups and financial institutions to safely test new products before launching them in the market.

Who can participate?

Banks and financial institutions (BFIs), payment system operators (PSOs), payment service providers (PSPs), and remittance companies licensed by NRB are eligible to apply to participate in the sandbox. Similarly, newly registered fintech companies in Nepal that are not yet licensed by the central bank can also participate.

However, unlicensed fintech firms must partner with an authorized financial institution before testing. Applicants are required to meet “fit-and-proper” criteria. Accordingly, the company, its board members, and senior management must not be blacklisted, or if previously blacklisted, at least three years must have passed since removal. They must also have no pending criminal charges.

In addition, the company must employ at least two full-time technical staff, such as a developer and a cybersecurity expert. A project manager with at least two years of experience in fintech or regulatory technology (regtech) is also mandatory.

Which technologies can be tested, and which cannot?

The guidelines clearly outline eligible and ineligible technologies for sandbox testing. Eligible categories include APIs, mobile money services, retail payments, money transfers, digital KYC, digital identification systems, digital lending, smart contracts, embedded finance, regtech solutions, and cybersecurity-related products.

However, cryptocurrency, virtual assets, central bank digital currency (CBDC), and any products related to online betting or gaming are strictly prohibited within the sandbox.

Exemptions for Fintech

To encourage innovation, the Rastra Bank will provide temporary regulatory exemptions during the testing phase. Both licensed institutions and new fintech companies will benefit from exemptions related to minimum paid-up capital, liquidity requirements, licensing fees, escrow obligations, and management experience criteria. Participants will also receive simplified reporting processes and improved access to payment infrastructure at lower costs.

Duration and Process of Testing

The central bank will open applications under specific cohort themes. Applicants will have 45 days to submit proposals. Initial screening will be completed within 30 days, followed by final evaluation within the next 30 days. Selected applicants will be notified within three days of the final decision.

Approved companies will be allowed to test their products for up to six months, with a possible extension of another six months, if a written request is submitted at least 30 days before the expiry of the testing period.

Data Security and Compensation

Testing will be conducted using volunteer customers who must be fully informed about potential risks. Companies are required to establish clear compensation mechanisms in case users suffer any loss or harm due to the tested product.

Strict compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements is mandatory. Upon completion of the testing phase or exit from the sandbox, all customer data collected must be permanently deleted.

Governance and Market Entry

A Sandbox Committee and an Inter-Departmental Sandbox Governing Committee will be formed under the leadership of the Director of the Payment Systems Department to oversee implementation and monitoring. Additionally, NRB’s Internal Audit Department will conduct annual evaluations of the framework.

After successful testing, a clear exit pathway has been set. Licensed institutions may launch products in the market after regulatory approval, while new fintech companies will receive a Sandbox Completion Acknowledgement certificate. Based on this, they can partner with licensed institutions or proceed with licensing to operate commercially in Nepal.

However, NRB retains the authority to revoke sandbox approval at any time in cases of serious negligence or data breaches affecting customer security. With this framework, the central bank aims to provide a structured and secure legal environment for the growth of Nepal’s fintech sector.

पछिल्लो अध्यावधिक: असार ५, २०८३ १३:२०