RENUKA RAI | Thimphu
A new report by the International Monetary Fund has called for significant reforms to Bhutan’s fintech regulatory sandbox, saying the framework needs clearer legal backing, stronger governance and better coordination to effectively support innovation while safeguarding financial stability.
The findings are contained in a High-Level Summary Technical Assistance Report prepared after an IMF mission to the Royal Monetary Authority (RMA) from August 25 to September 2, 2025.
The mission was conducted at the request of the RMA to review and diagnose the effectiveness of Bhutan’s fintech regulatory sandbox (RS) framework and to recommend ways to strengthen it in line with the country’s broader digital transformation goals.
Bhutan launched its regulatory sandbox in June 2020 to provide a controlled space where innovative financial products and services could be tested under the supervision of the central bank.
The aim was to encourage responsible innovation in areas such as digital payments, financial technology solutions and other emerging services, while managing risks to consumers and the financial system.
According to the IMF report, the RMA has made progress in establishing the foundational elements of the sandbox. However, several structural and operational weaknesses are limiting its impact.
One of the key concerns raised by the IMF is the absence of a clear legal mandate for the sandbox.
While the framework was established through a board memo and Letters of Admission (LoA) issued to participants, the report notes that these documents do not clearly outline the legal basis for granting regulatory waivers or supervising non-licensed participants.
“There are no explicit provisions in the RMA Act 2010 or the Financial Services Act 2011 that define the RMA’s authority over sandbox participants that are not already licensed financial institutions. This creates uncertainty about enforceability and regulatory oversight,” it stated.
The mission also found that the sandbox lacks clear strategic alignment with the RMA’s core mandate, which includes maintaining financial stability, promoting market development and advancing financial inclusion.
The sandbox currently covers 12 types of activities, including both regulated and non-regulated services. The IMF described this scope as overly broad, especially for a small regulator operating with limited human and technical resources.
In the ongoing second cohort of sandbox participants, none had conducted live testing with real customers at the time of the review. Most were still working on proof-of-concept technologies or developing supervisory and regulatory technology tools.
The IMF noted that such projects might be better suited for innovation hubs or short-term technology sprints, rather than a full regulatory sandbox that requires licensing considerations and close supervisory engagement.
Governance weaknesses were another major theme in the report.
IMF stated the current structure places both strategic and operational responsibilities under the Steering Committee, which can blur lines of accountability.
Meanwhile, the Technical Evaluation and Coordination Committee is tasked with both assessing applications and supervising participants. The IMF pointed out that this dual role could create conflicts of interest and reduce the effectiveness of oversight.
Resource constraints were identified as a significant challenge.
The sandbox does not have a dedicated full-time team. Instead, staff from various RMA departments contribute on an ad-hoc basis, while continuing with their regular responsibilities.
This approach, the report said, limits the depth of supervision and follow-up that sandbox participants require.
The report also highlighted that Bhutan’s civil service has experienced high attrition rates in recent years, with skilled workers leaving for opportunities abroad.
This trend, the report stated, has put additional pressure on the RMA’s capacity to manage complex and evolving areas such as fintech regulation.
The IMF also found that the sandbox lacks a formal risk tolerance framework.
“There are no clearly defined thresholds for acceptable financial losses, operational failures or consumer risks during testing. Without such guidelines, it becomes difficult for the regulator to make consistent decisions about what risks are acceptable in the interest of innovation,” it said.
The report also noted the absence of detailed character and fitness requirements, operational readiness assessments and cybersecurity standards.
In addition, there are no clearly defined exit strategies outlining how companies should transition out of the sandbox, either into full licensing or termination of their projects.
Data privacy emerged as another area of concern. The report stated that intended sharing of anonymized customer data could raise legal and ethical issues if not supported by a strong legal framework and clear customer consent mechanisms.
Although the RMA has Data Privacy and Data Protection Guidelines 2021, the IMF indicated that more clarity is needed to ensure compliance and protect consumer rights.
Stakeholder engagement was also found to be limited. Banks and financial institutions reportedly expressed reluctance to share data or collaborate on solutions that they were not consulted on from the outset.
“Some institutions raised concerns about startups lacking adequate cybersecurity safeguards and operational standards.”
The IMF emphasized that without strong industry buy-in, the sandbox may struggle to generate practical and scalable solutions.
To address these challenges, the IMF recommended that the RMA begin with a comprehensive feasibility study. This study should assess whether a regulatory sandbox remains the most suitable tool for Bhutan, given its size, market maturity and resource constraints.
Alternatives such as innovation hubs, which provide guidance without regulatory waivers, or technology sprints focused on specific problems, could be considered.
If the sandbox is retained, the IMF advised establishing a clear legal mandate. This may require amendments to relevant laws or issuance of formal regulations that clearly define the RMA’s authority to grant waivers and supervise participants.
Governance structures should be reorganized to separate strategic oversight from operational management. The Steering Committee should focus on high-level policy direction, while a dedicated team handles day-to-day operations.
The Technical Evaluation Committee should concentrate on reviewing applications, with supervision assigned to a separate function to avoid conflicts of interest.
The report recommended creating a dedicated sandbox unit with full-time staff drawn from key departments. Clear roles, responsibilities and reporting lines should be established to ensure accountability.
The IMF also suggested narrowing the sandbox’s scope to focus strictly on regulated activities that require licensing and fall within the RMA’s mandate.
Projects that are purely technological or at an early development stage could be supported through an innovation hub under a broader “Innovation Facilitation Program.”
A formal risk tolerance framework should be developed, defining acceptable levels of financial, operational and reputational risk. Clear eligibility criteria, including character checks, fitness requirements and cybersecurity assessments, should be introduced.
Standard operating procedures, testing limits and defined exit pathways should be documented and communicated to participants.
The report emphasized the importance of structured consultation forums with banks and other financial institutions. Regular engagement would help align sandbox priorities with industry needs and improve trust and collaboration.
“Collaboration with the Government Technology Agency should also be formalized to ensure alignment with national digital initiatives.”
In addition, the IMF encouraged the RMA to strengthen regional partnerships and engage with international standard-setting bodies to stay updated on global best practices in fintech regulation.
“Capacity development programs for RMA staff should focus on emerging technologies, risk-based supervision and innovation management,” IMF stated.
The IMF further stated that it remains committed to supporting Bhutan in implementing these recommendations. The findings of the mission will also feed into Bhutan’s ongoing Financial Sector Stability Review.
A stronger sandbox or innovation program, the IMF suggests, could play a vital role in encouraging responsible fintech development, improving financial inclusion and maintaining public trust in the financial system.
