Engelman Berger Blogs

The Arizona legislature recently signed into law the nation’s first fintech regulatory sandbox, which started accepting applications on August 3, 2018. Participants in the sandbox will enjoy a reprieve from many of the licensing and regulatory burdens of companies in the financial sector, so the program offers a great incentive for financial technology (aka, “fintech”) companies to settle and operate in Arizona. This is the fourth in a five part series on how to apply and participate in the sandbox. If you are new to the series, go back and read the first three parts, which discuss the history of sandbox programs, the benefits of participation in the Arizona sandbox, and eligibility requirements. This part four will explain the application process, and part five will address how to comply with the rules once you are in the sandbox. The official website for the fintech sandbox was recently launched and can be viewed HERE, and the full text of the law can be viewed HERE.


Applying for the sandbox is pretty straightforward: complete a separate application form for each innovation you plan to test, and pay a $500 application fee. The $500 fee will be deposited by the attorney general into the Consumer Protection-Consumer Fraud Revolving Fund, which is a fund used by the attorney general for operating expenses for consumer protection division.

Applications are reviewed by the attorney general’s office on a rolling basis, and decisions will be rendered within ninety days. Under A.R.S. §41-5603(J), the attorney general has absolute discretion to deny an application, and there is no process to appeal the denial. This means that your application better be polished from square one. However, there does not appear to be any restriction on re-applying following a denial, so in theory you can keep submitting new applications (paying a fresh $500 fee each time) until you are admitted.

The application form essentially has two parts: (1) describe your company and its employees, and (2) describe the innovation you will be testing. You are permitted, but not required, to supplement your application with “Supporting Documents.”

Description of Your Company

This section of the application generally requests basic identification and contact information, like the state of incorporation, addresses, federal tax ID, etc., most of which is simple enough for anyone to complete. However, there are a few sections that warrant scrutiny. First, you must designate a contact person for inquiries by the attorney general, and a contact person to handle consumer complaints. These roles can be filled by the same person, and in either case you should take the designation very seriously. Maintaining good standing in the sandbox will probably require quick and careful responses to all complaints and inquiries. These designated contacts will be on the front lines, and will be the first, and sometimes only, person to interact with the attorney general and/or consumers about any problems with your innovation. Make sure the person you appoint has the time to address inquiries quickly, the regulatory knowledge to respond to them accurately, and authority within the company to mandate any necessary internal changes.

Second, you must identify and describe the duties of all “Active Managers,” who are defined as:

any individual or entity, paid or unpaid, that: (i) is primarily responsible for Testing the Product or Service; (ii) has direct supervisory authority over the staff Testing the Product or Service; or (iii) serves as an officer or director of the business or business unit that is Testing the Product or Service.

You must similarly identify “Key Personnel,” who are defined to include Active Managers and any person that owns 15% or more of the company. Before submitting your application, you should ensure that none of your Key Personnel have any black marks on their record. The application specifically requires you to disclose whether any Key Personnel have a felony conviction, have had a civil judgment, order, sentence or even settlement agreement relating to “fraud, money laundering, or a breach of fiduciary duty or trust,” or have been the target of government investigations or regulatory actions relating to financial goods and services. If at all possible, you should take steps to ensure that the people responsible for implementing and overseeing the innovation do not have this type of checkered history. If that is unavoidable, then you should supplement your application with Supporting Documents that demonstrate why the Key Personnel’s history will not undermine the attorney general’s mandate to ensure that consumers are protected.

Third, you must disclose whether you are already licensed to provide a similar service in another state. The attorney general will probably use this information to contact the governing regulatory authority in that state to discover whether you have ever been subject to negative agency action. If you are a larger institution, it is entirely possible you have been the recipient of numerous consumer complaints and/or regulatory censures. We do not yet have any guidance from the attorney general’s office on how they will evaluate this type of history, but I would imagine that they will focus not only on the volume and nature of complaints/censures, but also on how you responded to regulatory issues in the past. Do you respond to complaints quickly? Did you timely comply with all regulatory orders? If this is a concern, you should coordinate with your regulatory department or compliance officer to prepare documentation to explain negative regulatory events.

Fourth, you also need to disclose whether you will be working with, or licensing any technology from, third parties as part of the innovation. These should also be closely scrutinized. Do any of your commercial partners have a history of negative regulatory action or been repeated targets of government investigations? This information will surely be discovered during the attorney general’s review of your application, so be prepared in advance to answer any tough questions that may arise from your choice of commercial partner.

Description of Your Innovation

This section is the real meat of the application, and will probably require the help of an attorney or someone well versed in the regulatory regime normally applicable to your innovation. There are seven subparts:

  1. About Your Product or Service
  2. Explain How Your Product or Service is Eligible for the Sandbox
  3. About Your Testing Plan
  4. Describe the timeline of the proposed Testing plan and key milestones for the Product or Service given the two-year Testing period and any possible extensions.
  5. What is Your Consumer Protection Plan?
  6. What is Your Exit Plan?
  7. What records and data will You keep in the ordinary course of business?

In this portion of the application you should keep in mind that, underlying all of the specific requests, the attorney general’s office is broadly evaluating whether your innovation offers real benefits to consumers, and whether it is likely to satisfy licensing requirements after completing the sandbox. Therefore, you should tailor your application to clearly demonstrate not only that your testing plan is designed to yield a completed product at the end of the two year testing period, but that you have safeguards in place to protect consumers if things do not proceed according to plan. You should probably also avoid unrealistic projections and overly effusive descriptions of your innovation. Rather, it is better to acknowledge the risks and challenges facing your innovation, because doing so will help demonstrate that you are adequately equipped to address them.

I should also note that your application and any other records submitted to the attorney general will not be considered “public records” generally open to inspection by the public. Therefore, you should feel relatively free to be forthcoming in your application, without fear that some unfavorable piece of information will immediately show up in media headlines. Be aware, however, that these records can be disclosed to state and federal agencies, appropriate agencies of foreign governments, state auditors, and in response to a subpoena.

Getting into the sandbox can be a challenge. You may need to solicit the help of an attorney to ensure your application is completed correctly, particularly if you are a startup or early stage company without experience navigating applicable the regulatory regime. If you do get admitted, then you need to put procedures in place to ensure that you comply with the sandbox’s requirements. More on that will be coming soon in the fifth and final installment of this series.

About the Author: Michael Rolland is a member of the civil litigation and commercial transactions practice groups with the law firm of Engelman Berger, P.C. Michael has a special interest in the intersection of technology and the law, and writes on tech law issues.



Disclaimer: This blog is not legal advice and is only for general, non-specific informational purposes. It is not intended to cover all the issues related to the topic discussed. If you have a legal matter, the specific facts that apply to you may require legal knowledge not addressed by this blog. If you need legal advice, consult with a lawyer.