Guidance on the operation of the Digital Securities Sandbox

1: Introduction

This document provides guidance for firms participating in the Digital Securities Sandbox (DSS), including both firms which enter the DSS to become a sandbox entrant and those which interact with these Financial Market Infrastructures (FMIs) but do not become sandbox entrants themselves (eg, their prospective members). This document reflects the views of the Bank of England (the Bank) and the Financial Conduct Authority (FCA) (together the ‘regulators’) in outlining the operational policy of the DSS.

Firms should have regard to this document when applying to become, or interacting with, a sandbox entrant. Firms should note that this document is intended to be guidance and may be amended by the regulators. This guidance should be read in conjunction with the requirements under The Financial Services and Markets Act 2023 (Digital Securities Sandbox) Regulations 2023 (DSS Regulations) and the Bank’s DSS rules instrument.

Persons engaging with a Digital Securities Depository (DSD) should note that DSDs are not required to meet the same standards or requirements as a Central Securities Depository (CSD). The level of service or protections offered by a DSD could therefore differ from those that a user would expect of a CSD. This is explained further in Section 3 ‘The Bank’s approach to supervisory assurance at Gate 2’. Before choosing to engage with a DSD, users should take into account this difference in risk relative to equivalent services outside the DSS.

Users of DSDs and other market participants should expect a higher risk of failure and operational disruption relative to activity outside of the DSS. However, any broader, systemic disruption from DSS activity will be contained as long as DSDs stay within their limits and are able to appropriately manage risks created though linking into the financial system (for example through cyber contagion or knock-on impacts of asset losses). The Bank will supervise DSDs to achieve this.

Note: a reference to a DSD should be read to include any sandbox entrant that successfully passes through Gate 2 and obtains approval as a DSD. This includes a firm which undertakes other regulated activity from the same entity it operates as a DSD, whether inside and/or outside the DSS, such as a hybrid entity.

2: Structure of the DSS

Overview of the stages and gates of the DSS

The DSS is composed of different stages of permitted activity, reflecting the Bank’s approach to managing financial stability risks. There will be a series of gates for sandbox entrants to move through to progress from one stage to the next, with the amount of permitted activity increasing with each stage. This glidepath will enable sandbox entrants to eventually graduate from the DSS to a possible new permanent regime if they meet the relevant standards.

The DSS is structured in five main stages and four ‘gates’ between those stages (see Table A for a summary).

A firm will pass through the following stages from first applying to become a sandbox entrant to operating in a possible new permanent regime outside of it:

• Initial application stage.
• Testing stage applying for authorisation to operate a trading venue, and to become a DSD.^{footnote [1]}
• Go-live stage.
• Scaling stage.
• Operation outside the DSS under a possible new permanent regime.

Although each firm will pass through the same stages, the applicable processes and requirements for a firm in each stage in the DSS will depend on its business model.

The activities in scope of the DSS allow for a firm to: (1) perform notary, maintenance and/or settlement activities; (2) operate a trading venue; or (3) combine both into a hybrid entity. Firms may, in addition to these activities, carry on ‘ancillary FMI activities’, discussed further below.

As the framework governing the operation of a trading venue is not being modified for the purposes of the DSS, the FCA considers it unlikely that a firm only intending to operate a standalone trading venue would be accepted into the DSS as a sandbox entrant. This is explained further under ‘Initial application stage and Gate 1: Application to become a sandbox entrant’.

To progress through the stages of the DSS, a firm will need to pass through a series of gates at which they will be required to demonstrate their ability to meet higher regulatory standards to supervisors. Each gate has different requirements that are a pre-requisite to moving onto the next stage. These are:

• Gate 1: Application to become a sandbox entrant and begin testing.
• Gate 2: Approval to begin live activities in the DSS.
• Gate 3: Application to increase limits and scale up activity.
• Gate 4: Approval for operating outside DSS under a possible new permanent regime.

The extent of a firm’s approval to participate in the DSS will be outlined in its Sandbox Approval Notice (SAN) (see section on the Sandbox Approval Notice).

Table A: Stages and gates of the DSS

The DSS journey for a hybrid entity

As set out above, sandbox entrants will be able to combine the activities of CSD and the operation of a trading venue into one hybrid entity. Figure 1 gives a stylised example of what a hybrid entity should expect as it progresses from its application to become a sandbox entrant at Gate 1 to obtaining authorisation to operate a trading venue and becoming a DSD at Gate 2.

A firm wishing to operate as a ‘hybrid entity’ must complete both the Bank and the FCA’s processes to obtain the necessary permissions and approval to operate both a DSD and trading venue. Firms should consider these timings when making plans to progress through the DSS and discuss likely timelines with the regulators.

Figure 1: Pathway from entry to exit for a hybrid entity in the DSS

Sandbox Approval Notice (SAN)

At the point a firm passes Gate 1 and becomes a sandbox entrant, a SAN will be issued to it by the appropriate regulator. The SAN will act as a ‘visa’ for a sandbox entrant and outline key information about the firm’s approval to participate in the DSS, such as whether a firm can operate as a standalone DSD or ‘hybrid entity’. At this point, a firm will know what business model it can undertake in the DSS provided that it obtains the necessary permissions and approval from the regulators to pass through Gate 2.

On passing Gate 2, the process for the updating of the sandbox entrant’s SAN depends on its business model.

A sandbox entrant seeking to undertake DSD activities will have its SAN updated by the Bank as appropriate once it has passed Gate 2 to reflect the fact it has been approved to undertake the activities of a CSD (ie notary, settlement, maintenance).

A sandbox entrant seeking to operate a trading venue in the DSS will have its SAN updated once the FCA is satisfied that it holds the necessary permissions to do so. In practice, this can only happen at Gate 2 – the point at which the Bank gives approval to undertake activities as a DSD.

The sandbox entrant will need to complete the FCA’s authorisation assessment or have engaged the FCA to determine that no variation of permission (VoP) are required. It is important to note that from an FCA perspective the SAN will not in itself grant the firm any permissions to undertake regulated activity in the capacity of an authorised person. Therefore, those wishing to understand the extent of a firm’s permission to undertake regulated activity as an authorised person should continue to consult the Financial Services Register.

At a minimum, the SAN of a firm will (at Gate 2) include the following information:

1. The FMI activities to which the approval relates to, specifically:
   • Operating a trading venue and/or
   • Undertaking one or a combination of the activities of a CSD:
     • initial recording of a security in a book-entry form or forms of recording of securities using developing technology (ie, notary service);
     • providing and maintaining securities accounts at the top tier level (ie, central maintenance); and
     • operating a securities settlement service (ie, settlement service).
2. Any ancillary FMI activities which the sandbox entrant is given approval to undertake under the modified framework.
3. Any further approvals, modifications or variations of an approval.

Where relevant, the SAN of a firm may also contain any restrictions in place, as well as any conditions or limitations, including limits^{footnote [2]} allocated to the sandbox entrant.

The regulators will publish the SANs of sandbox entrants on their respective websites. The DSS Regulations also require a sandbox entrant to state publicly that it is approved to participate in the DSS.

Approach to updating or amending a SAN

Where a sandbox entrant wishes to expand the scope of its DSS activities, it will need to request an update to its SAN and may also require separate engagement with the regulators to obtain the necessary permissions for its new activities. For example, a firm operating a hybrid entity which wished to expand its business model to include an additional class of financial instrument which is not approved in its SAN would need to both ensure its SAN was adequately updated and that its Part 4A permission covered that activity.

In the case of a firm operating only as a DSD, the Bank is responsible for approving changes to the SAN (examples may include, for instance, if a DSD were to submit a request to the Bank to outsource a core service to a third party or extend its activities, but will engage with the FCA where appropriate.

The process by which the regulators may choose to modify a SAN at their own initiative is addressed in the ‘Approach to supervision and enforcement in the DSS’ section.

Although each regulator is responsible for the activity for which they are the appropriate regulator, we would expect a degree of overlap in relation to some ancillary activities. Regulators will share the outcomes of their supervisory decisions with one another to ensure consistency in their approach to sandbox entrants in line with the agreed Memorandum of Understanding. In the case of a ‘hybrid entity’, the regulators will work together to update or amend the SAN.

Ancillary FMI activities

Where a sandbox entrant wishes certain ancillary activities to be included in their SAN, they should make clear why they require these activities to benefit from the modified framework and the scope of the proposed activities, including whether they are for the purpose of enabling the core functions of the DSD. In some cases, we may include these activities in a firm’s SAN subject to certain conditions (such as the firm having or obtaining relevant Part 4A permissions under FSMA).

3: The stages of the DSS

This section provides additional guidance on each stage of the DSS.

Initial application stage and Gate 1

A firm that wishes to enter the DSS must apply to become a sandbox entrant via a joint application form accessible directly through the FCA website or via a link on the Bank’s website.

DSS eligibility

As specified by Regulation 3(2) of the DSS Regulations, the following types of FMI entity, where they are established in the UK, are eligible to apply to become a sandbox entrant:

1. A recognised investment exchange that is not an overseas investment exchange.
2. A recognised CSD.
3. A person who has a Part 4A permission^{footnote [3]} to operate a multilateral trading facility (MTF) and is an investment firm.^{footnote [4]}
4. A person who has a Part 4A permission to operating an organised trading facility (OTF) and is an investment firm.

In addition to the FMI entities listed above, under Regulation 3(3) of the DSS Regulations the regulators have determined that other persons established in the UK are also eligible to apply to become a sandbox entrant. However, those persons must obtain the required authorisation from the FCA and/or approval from the Bank before passing Gate 2 and undertaking any regulated activity.

The DSS is therefore not restricted to those entities explicitly listed in Regulation 3(2) and is open to both existing authorised or recognised firms and new entrants to this market. The regulators are open to applications from firms of all sizes and at all stages of development. The regulators welcome applications from a wide range of applicants. There is nothing precluding technology providers or other unregulated firms from applying to become sandbox entrants, provided they meet the eligibility criteria, apply for the necessary permissions, and are able to meet the relevant requirements. Firms that apply for entry to the DSS should note that they are applying to conduct regulated activities and under any possible new permanent regime that may be devised, they would likely exit the DSS as regulated financial market infrastructure providers.

Technology providers may also offer their services and products to sandbox entrants to help them deliver their services in the DSS. Where this is the case, technology providers would not necessarily be expected to apply for entrance to the DSS themselves. Rather, they may supply such services and products as ‘third party suppliers’. In this instance, such technology providers may not be directly supervised by the regulators. However, the supervisory approach to outsourcing – where the ability of a DSD to deliver essential business services and keep these operating to required resilience and recovery standards – will apply. Outsourcing requirements are set out in the DSS Rules and in CSDR Policy and tools (where such rules are not varied in the DSS). The Bank will have a proportionate approach to regulatory assurance levels sought. The FCA’s rules on outsourcing remain unchanged for the DSS.

We encourage all firms to familiarise themselves closely with the relevant requirements and guidance for those activities they seek to undertake in the DSS. This will help to ensure applications are as complete as possible. We encourage firms to carefully consider whether the scope of their proposed activities in the DSS may require other regulatory permissions (such as those which fall under Part 4A of FSMA 2000).

Notwithstanding the above, applicants must be legal persons established in the UK and obtain the relevant permissions or approval before undertaking any regulated activity. If an applicant is not a legal person established in the UK,^{footnote [5]} their application will be rejected. Consequently, branches of firms that are not established in the UK are not eligible to apply to become a sandbox entrant. However, the DSS Regulations do not introduce any limitation on the extent to which overseas firms can engage with a sandbox entrant, provided they comply with the existing regulatory requirements. A consortium of firms would need to establish a single UK entity.

Type of activities and financial instruments in the DSS

The applicant must intend to operate a trading venue and/or undertake notary, settlement or maintenance activities in the DSS.^{footnote [6]}

The types of financial instruments that may be used in connection with FMI activities in the DSS (FMI sandbox instruments) are those listed in Part 1 of Schedule 2 to the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO) except for those instruments set out in paragraphs 4–10. Derivatives are therefore not eligible to be considered an FMI sandbox instrument under the DSS Regulations unless they also fall under paragraph 1 of Part I of Schedule 2 to the RAO.

The provision of FMI activities in relation to cryptoassets which do not qualify as financial instruments are not in scope of the DSS. Firms that provide such services in addition to activities eligible for the DSS should do so from a separate legal entity which will not be a DSS applicant.

As such, the financial instruments which the applicant proposes to admit to its FMI in the DSS must be those permitted by the DSS Regulations. Instruments can be denominated in any currency, except those for which there are sanctions in place. For domestic government debt, regulators will confirm consent with the relevant home regulator and/or issuer before activity can take place. Settlement for the asset can be in any currency for which the sandbox entrant is able to support physical settlement, subject to approval by regulators (see Section 4 for more details).

Additional information to be assessed by the regulators

Alongside considering whether an applicant is eligible to apply to the sandbox, an applicant’s application will also be assessed by the regulators against the following information accompanying the application:

• Removing regulatory or legal barriers or obstacles: the applicant should generally demonstrate that there are regulatory or legal barriers or obstacles to the use of developing technology such as DLT when undertaking the activities in scope of the DSS. The regulators’ threshold to assess this will be whether these barriers or obstacles prevent the firm from operating their optimal business model outside of the DSS. The intention of this criterion is to exclude applicants who are seeking to use the DSS to launch FMIs that could just as effectively operate within the unmodified framework. For example, a firm would need to demonstrate their proposed settlement system is likely to be incompatible with the unmodified requirement set out in Article 3 of the CSDR for transferable securities to be recorded in book-entry form. Although we will generally expect applicants to be able to demonstrate the existence of regulatory or legal barriers, the regulators are prepared to consider applications in appropriate cases even where the relevant activity could lawfully be carried on outside the DSS – for example, where it may be desirable for that activity to develop in an environment where benefits and risks related to it can be observed by the regulators.
  
  As stated earlier in this document, given that no requirements relating to the operation of a trading venue have been modified, the FCA considers it unlikely a firm only wishing to operate a standalone trading venue and settle transactions at a traditional CSD or a DSD operated by another sandbox entrant would be accepted into the DSS as a sandbox entrant. In the event that a firm disagrees with this assessment, the FCA would expect the firm to clearly set out in its application what modifications it would benefit from by being a sandbox entrant and this will be considered on a case-by-case basis.
  
  
• Supervision and enforcement record: the regulators will consider the supervisory record of applicants and any past enforcement action taken against them. This will apply to all applicants. If the regulators become aware of any adverse information, this will be taken into account and can result in the rejection of the application. This refers to any potential causes for concern, such as criminal or financial sanctions, severe regulatory misconduct or other relevant adverse information which may be discovered.
  
  The regulators may reject an application at Gate 1 on the basis of such findings if they are considered to be sufficiently material so that approving the person as a sandbox entrant would be inconsistent with the policy intent underlying the DSS, which includes protecting market integrity and financial stability, as well facilitating innovation to promote a safe, sustainable and efficient financial system. The decision on whether to grant or reject an application at Gate 1 will ultimately turn on the specific facts and any material concerns identified. While modifications to legislation are made for participating entities, the firms still need to adhere to the same regulatory requirements (except where disapplied or modified) and regulatory principles as comparable firms outside the DSS. Participating firms will therefore be supervised by the regulators according to their respective objectives.

It is important to note that the assessments at Gate 1 and Gate 2 have different purposes and so will be different in scope, and it is envisaged that the assessment at Gate 2 will consider a broader range of information. As was set out in the consultation, the DSS is divided into a series of gates for sandbox entrants to move through to progress from one stage to the next, with the amount of permitted activity increasing with each stage. Gate 1 is the initial application for firms to enter the DSS, after which successful applicants will become sandbox entrants. Until they pass Gate 2, those firms will not be able to commence live activity in the DSS, but will have the certainty that their business model is appropriate for the DSS. Success at Gate 1 does not prejudge success at Gate 2, nor should it be interpreted as the regulators’ view on the likelihood of the applicant subsequently passing Gate 2. At Gate 2, unauthorised persons who require Part 4A permissions in order to operate their proposed DSS business model will be assessed by the FCA against the Threshold Conditions, which will include a determination of whether the applicant is a fit and proper person. It is therefore possible that an applicant who is not an authorised firm and who successfully passes the background checks at Gate 1 can subsequently be unsuccessful at Gate 2.

If an application is unsuccessful, applicants can make a new application at a later date but would be expected to pay again the £10,000 fee to the Bank.

Testing and preparations stage and Gate 2

Having passed Gate 1, in the testing and preparations stage, firms are approved as sandbox entrants but do not have any new permissions to undertake live FMI activities. The purpose of this stage is to ensure firms can begin testing their systems, engage with supervisors, and prepare to meet the expected regulatory and supervisory outcomes at Gate 2.

Sandbox entrants that want to undertake notary, maintenance and/or settlement activities as a DSD need to complete the relevant application process with the Bank to demonstrate their ability to meet the Bank’s Gate 2 requirements. If successful, the sandbox entrant will become a DSD and move into Go-live stage (please refer to the sections below that provide additional detail on the DSD application process).

Similarly, the FCA requires firms wishing to operate a trading venue (combined with becoming a DSD) to demonstrate that they hold the necessary permissions to meet the Gate 2 requirements and move into the Go-live stage. Depending on the firm’s existing status, this may require:

1. Applying for authorisation under FSMA to operate a trading venue. The application process for a Part 4A permission remains unchanged.
2. For authorised persons with permission to operate a MTF/OTF or RIEs; engaging with their FCA supervisors, who in some circumstances, subject to a supervisory review of a change to its business model, may determine that such persons are already able to undertake their desired activity in the DSS. However, this will be considered on a case-by-case basis and in some cases a VoP may be required.

When assessing whether an applicant meets the Threshold Conditions set out in FSMA 2000, the FCA will undertake a proportionate and considered review of the firm’s business model, operations and people. The FCA does not take a ‘one size fits all’ approach and will take into account, among other factors, the proposed scale of the firm’s activity, the complexity of its products, its client base, its corporate structure and its links to other persons. What is deemed appropriate under the Threshold Conditions for a new market entrant in the DSS is therefore likely to differ from what is expected of an established firm with high levels of activity outside of it.

The FCA is committed to helping new market entrants to navigate its authorisations assessment process as quickly and effectively as possible. Although the statutory timeframe under FSMA to determine an application in twelve months remains unchanged for the DSS, if the application is complete, the FCA will usually assess it within six months. A high-quality, considered and complete application is therefore the most effective means of obtaining a timely determination. Firms seeking to operate a trading venue in the DSS, but which do not have permission to do so, are encouraged to seek a pre-application meeting with the FCA ahead of submitting a Gate 1 application. This will give applicants advance notice of what is required of them to obtain authorisation at Gate 2 and allow them to ask the FCA any questions about the process, which should in turn help them to submit a more complete application.

To support a smooth assessment of the application for authorisation and minimise requests to provide further information or clarifications, a firm should demonstrate to the FCA that they are ready, willing and organised (please see the FCA’s website for more details on what this means for your application).

The Bank’s approach to supervisory assurance at Gate 2

The Bank’s calibration of Gate 2 requirements for DSDs accounts for limits that will be in place. The Bank’s Gate 2 requirements for DSDs, as published in the final Bank DSS Rules instrument, are designed to ensure firms can demonstrate a minimum level of preparedness to undertake live activity and to be able to wind down in an orderly way. The Bank is also planning to make additional rules for Gate 3 and to publish a revised draft Gate 4 (end state) set of rules once the DSS has been up and running for at least 12/15 months.

Although the Bank has not set a time by which the approval an application at Gate 2 must be determined, it aims to assess DSD applications against Gate 2 rules within four months. However, where applications are incomplete, or there are delays in producing further information required for the assessment, these timeframes will be longer. As above, a high-quality, considered application and timely, open communication thereafter is the most effective way to ensure an assessment within the suggested timeframes.

To support transparency with the industry, including potential entrants into the DSS and their participants, the Bank can share the following information about its approach to assessing firms at Gate 2. However, the Bank notes that it will amend its approach to supervision through the life of the sandbox as it learns from the activity and business models in the DSS. It should also be noted that a sandbox entrant which is also regulated by the FCA, for activity inside and/or outside the DSS, will continue to be supervised for those activities by the FCA and need to satisfy any requirements which apply to it as an authorised person or RIE. The FCA’s approach to authorisation will continue to apply.

The Bank’s rules set out the standards for sandbox entrants it regulates in the DSS. The Bank notes that its approach to gaining assurance that firms are meeting these standards will be based on the objectives of the DSS, the financial stability risks that firms present at Gate 2, and a proportionate use of the Bank’s resources. In particular, its focus at Gate 2 will be to seek to ensure that:

1. limits in the DSS operate in practice, given the Bank’s view that financial stability risks from the DSS are largely mitigated by those limits, and
2. that the risks that can spill over to other parts of the financial system due to the way that DSS firms can interact with them (for example through cyber risk, or knock-on impacts of asset losses) are managed appropriately.

In line with this approach, the Bank will require firms seeking to become DSDs to self-attest and explain how they comply with the DSS rules. The Bank will then focus its assurance work on:

• Breaches to firm-specific DSS limits – limits are our main mitigant against financial stability risks. Breaches could arise from a lack of effective technology controls or poor governance around upholding limits.
• Cyber contagion – the Bank will seek assurance against concerns about cyber threats spreading to the financial ecosystem due to weaknesses in a DSD’s cybersecurity capabilities. This includes spreading contagion to participants or other FMIs eg through business emails (ie so-called phishing attacks). The size of the risk depends on the DSD’s cyber resilience posture as well as that of the participants of the DSD rather than the volume of business it is doing – hence may not be mitigated by limits.
• Significant asset losses – loss of assets may impact market integrity and or confidence in the DSS. This risk could crystalise through data corruption, theft of assets, or weak controls around the segregation of assets.

The Bank will expect firms to demonstrate in their application at Gate 2 and subsequently, how they mitigate and manage these risks in particular.

In addition, it is the Bank’s expectation that any proposal that has non-professional (retail) clients directly participating in a DSD will attract substantive additional scrutiny, given the additional risks potentially arising from such a business model. The Bank will require firms to demonstrate whether any incremental risks to retail clients, for instance around asset protection, as well as appropriate standards in respect of anti money laundering (AML) and know your customer (KYC), have been appropriately addressed in the business model proposed.

Following engagement with the Bank, one of three outcomes will result:

1. Accepted: if a sandbox entrant clearly demonstrates they meet Gate 2 requirements, they become a DSD and receive an updated SAN detailing their approval to undertake CSD activities and the appropriate limits that apply to them initially. An entrant’s approval may be subject to conditions imposed to manage risks in the DSS. Any such conditions will be set out in the entrant’s SAN.
2. Rejected: where a sandbox entrant is not able to demonstrate compliance with Gate 2 requirements, their application is rejected and reasons are provided for the rejection, such that they may be able to apply again to show how they comply with the requirements subject to a grace period.
3. Further information required to make an assessment: where a sandbox entrant is able to demonstrate compliance with most Gate 2 requirements, but the Bank needs further information to allow the firm to become a DSD.

Upon becoming a DSD, sandbox entrants can undertake live activities in line with any approvals (or restrictions) as set out in their SAN and subject to any individual limits allocated to them. Where approval is given for any ancillary FMI activities, as defined in the DSS Regulations, this will be set out in the SAN. Firms may be required to seek additional authorisations for certain ancillary services (see Section 2, ‘Ancillary FMI Activities’).

A hybrid entity will require approval from both the FCA and the Bank (according to the processes described above) to commence live activity.

Table B provides a high-level summary of the minimum standards in place at Gate 2.

Table B: Examples of Gate 2 requirements

Sandbox entrants may choose to request exemptions from Bank rules if they identify regulatory barriers for their business model in the DSS rules. However, firms should be aware that the Bank expects this to happen on an exceptional basis, and subject to its supervisors being convinced that the firm’s business model genuinely does require the exception to operate, and that the business can still manage risks in line with the standards required in the DSS rules.

Go-live stage and Gate 3

Operating within Go-live limits

For key Sterling fixed income asset classes, DSDs will operate within a Go-live limit range (Table C). The Go-live limit range for each DSD will be a portion of the overall capacity of the DSS in each key Sterling asset class. These ranges will be uniform across DSDs operating at Go-live stage to ensure fairness, consistent with the regulators’ objective of facilitating innovation to promote a safe, sustainable and efficient financial system by accommodating a variety of new and innovative business models. However, a DSD’s operating limit within the range may vary based on demonstrated operational need. When a DSD is first approved to undertake live activity, their operating limit will be set as the lower bound of the range. When a financial instrument matures, the DSD can reuse that limit capacity for other issuances.

Table C sets out the ranges for a DSD for corporate bonds and gilts. For asset-backed securities and short-term money market instruments, the upper bound of the range may be set at a later date based on demand to operate in those asset classes.

As equity capacity is calculated on a per-stock basis (for FTSE 350 companies), Go-live limits on those stocks will need to be calibrated to the specific application, and therefore will be discussed when sandbox entrants apply to operate in that asset class.

Limits for other asset classes, and activity denominated in non-sterling currencies, are still being calibrated. Guidance will be updated once these are finalised.

DSDs that wish to facilitate issuances above their initial Go-live limit will be required to submit a request to regulators outlining the expected volume of DSD activity that will justify an increase. In Gate 2, there will not be a further requirement to meet a higher standard of requirements than those set out at Gate 2. Therefore, decisions will be made based on an operational basis, based on the aggregate level of activity and the need to reserve some capacity for firms progressing beyond Gate 3.

In Gate 3, access to limits above the Gate 2 limit ranges will require a DSD to meet Gate 3 requirements at the review points (see section on Gate 3 review points). When a financial instrument matures, the DSD can reuse that limit capacity for other issuances. DSDs that wish to undertake activity in asset classes other than those specified in Table C must approach the Bank setting out the scope of their proposed activity. The Bank will then consider whether and what limits are prudent to set on the firm’s activity.

The Bank will review its approach to limits within three years of the launch of the DSS to ensure its approach is consistent with the level of participation and activity in the DSS. This review will apply to all areas of our approach to limits.

No limits are expected to apply to the activity of trading venues including when operating a hybrid entity. As stated above, the FCA does not expect a trading venue-only model to be accepted into the DSS as a sandbox entrant.

Gate 3: Review Points and increased limits

Once Gate 3 rules have been published, the Bank, at the appropriate time, will open a window for DSDs to apply to enter the scaling stage (known as the Gate 3 review point). On reaching this stage, DSDs can receive an uplift in limits allocated to them in any asset class for which limits have been previously set. This window will be the first ‘review point’ of the DSS and will likely open 15–18 months after the DSS opens for applications. These review points are created to allocate capacity fairly in the DSS. DSDs that miss this review point will need to wait for a subsequent review point (see Figure 2).

To apply for the increased limits, DSDs should demonstrate that they meet the Gate 3 rules. The Bank anticipates it will publish draft Gate 3 rules and a revised draft version of the Gate 4 (end-state) rules once the DSD has been up and running for at least 15 months. At Gate 3, a higher set of risk management and governance standards will be imposed.

Details of the Gate 3 rules will be laid out ahead of the first review point by the Bank and applied via the revised SAN.

At a Gate 3 review point, one of following three outcomes will apply to a DSD:

1. Accepted: DSD meets the requirements set out in Gate 3 rules and receives an amended SAN with higher limits.
2. Accepted subject to improvements: DSD close to meeting the Gate 3 requirements, and may receive conditional approval allowing them access to higher limits subject to the fulfilment of targeted improvements to meet our regulatory expectations, for example, appropriate adjustments to their risk management and/or governance standards.
3. Rejected: DSD clearly does not meet the Gate 3 requirements and/or is unlikely to meet them soon. The DSD must operate within its existing limits until the next review point.

DSDs that are accepted (with or without conditions) will be allocated additional Gate 3 limits by the Bank, in consultation with the FCA. The size of those limits will be subject to the overall capacity limits of the DSS for any given asset class as well as the number of firms operating in that asset class and any significant changes in market conditions.

DSDs that are not able to apply for Gate 3 or have been rejected at the first review point can apply to enter the scaling stage at the next review point. These will take place, subject to demand and regulator resourcing constraints, at specific intervals after the first Gate 3 assessment. The dates will be finalised in due course and communicated publicly. However, the final review point is currently intended to take place between June and August 2027.

The final Gate 3 review point will also coincide with a review of overall limits in the DSS (see Figure 2). Depending on the outcome of that review, the individual limits for all DSDs in the scaling stage could be revised.

At the last Gate 3 review point, the DSS will shut to new entrants. Existing sandbox entrants that have already passed Gate 1 may still pass Gate 2 and become a DSD, or operator of a trading venue where relevant. However, there will not be additional opportunities for DSDs to move past Gate 3 into the scaling stage after the last review point. This is to allow sufficient time for those existing DSDs that have passed Gate 3 to be ready to apply for authorisation to operate under a possible new permanent regime at the end of the DSS.

DSDs in the scaling stage will be allocated any unused DSS capacity (see Figure 2 below).

DSDs who do not reach the scaling stage but wish to undertake notary, maintenance and/or settlement activities outside of the DSS when it ends can consider applying directly for authorisation under a possible new permanent regime.

Figure 2: Intended DSS timeline ^(a)

Footnotes

• (a) The timelines given in the the figure are indicative only. The Bank intends to maintain a flexible approach to the Gate 3 review points.

Scaling stage and Gate 4

Once a DSD is in the scaling stage, they would have demonstrated that they have met Gate 3 requirements. As stated above, they can be granted higher limits in the asset classes they are operating in. Figure 3 illustrates how this may work.

Figure 3: An illustrative example of firm-specific limits scaling

As DSDs begin to reach their limits in the scaling stage, it is expected that they begin to prepare for operation in a permanent regime after exiting the DSS. The draft end-state rules, which the Bank will have published at that point, should be used by firms as a guide for a new permanent regime. However, the regulators will learn from the DSS and keep sandbox entrants informed of plans to provide for as smooth a transition as possible at the end of its term.

Authorisation in a possible new permanent settlement regime

As DSDs progress through the scaling stage, they will be held to standards closer to what will likely be expected under a possible new permanent regime and under which DSDs (including a hybrid entity) would be able to apply for authorisation to operate outside the DSS. His Majesty’s Treasury’s (HMT) has the power to make permanent the modifications made in the DSS. This would require HMT to lay a statutory instrument, having first reported to Parliament on the DSS.

Exiting the DSS

The aim of the DSS is to support safe innovation in trading and settlement in traditional wholesale markets and the regulators will endeavour to make the transition to any new permanent regime as smooth as possible. Some sandbox entrants will be able to scale safely in the DSS and transition to operate outside of it as and when HMT makes permanent amendments to the legislative framework. However, the regulators anticipate that there may also be sandbox entrants that might not be able to transition to operate outside the DSS or otherwise need to exit the DSS through wind down. Sandbox entrants may choose not to continue their activity in the DSS for commercial reasons and will need to wind down in an orderly fashion to achieve that outcome.

A DSD will have to successfully pass Gate 3 to start to ready themselves for authorisation under any new permanent regime. Any evidence gathered during this time could then be used as part of the authorisation process under any new permanent regime. Firms should note that the authorisation process itself, including the required quantity and quality of evidence, may also be reviewed as part of designing any new regime.

As mentioned previously, the regulators recognise the importance of providing clarity to sandbox entrants on whether a non-systemic regime will be created as early as practicably possible so that firms can see the route by which they may exit the DSS. The regulators will provide their views to HMT on whether a new legislative regime is required for such entities.

FSMA 2023 requires HMT to publish a report to Parliament on the FMI sandbox arrangements, which sets out its assessment of the DSS and whether and how permanent changes will be made. It will consult the Bank and the FCA in preparing the report. HMT have stated that they could make permanent amendments to legislation via a statutory instrument more than once so that sandbox entrants who are ready to operate outside the DSS are not held back. Once any new legislative framework is in place, a DSD will need to be authorised under that legislation in order to operate outside of the DSS without limits. Authorisation could proceed at pace and will depend on a DSD’s ability to meet all the new regulatory requirements in full and to provide the required evidence.

At the end of the DSS, sandbox entrants will be able to continue to rely on any FCA permissions they hold to operate a trading venue.

Wind down

Not all sandbox entrants will be able to scale successfully in the DSS and graduate to operate under a possible new permanent regime. Given the experimental nature of the DSS, a number of sandbox entrants might exit the DSS and wind down.

Sandbox entrants will be required to have credible wind down plans in place that set out how to wind down their business in an orderly way in a range of scenarios. These plans will be reviewed carefully by supervisors and will need to be kept up to date by sandbox entrants for the duration of their participation in the DSS. Sandbox entrants will also be required to hold sufficient capital to execute their wind down plans. This should ensure that any disruption to users and broader market participants will be minimised.

The regulators anticipate that wind down plans will likely rely on two strategies:

• a transfer of outstanding securities to another DSD or CSD; and
• making use of regulatory capital to maintain basic functionality until those securities mature. We believe this will likely only be viable for securities with a short maturity.

Wind down can be triggered at any time during the lifecycle of the DSS. A voluntary wind down would be triggered by the sandbox entrant itself. A forced wind down would be triggered by the regulators. The sandbox entrant is responsible for ensuring that wind down is orderly in both cases through maintaining and executing their wind down plan.

Voluntary wind down may be triggered by a sandbox entrant if it chooses to exit the DSS and wind down its business. This could be triggered for commercial reasons if the firm decides their technology or business model is not viable or it has not been able to secure the required funding to scale the business.

Wind down could also be triggered by the regulators in other circumstances, such as if a sandbox entrant becomes insolvent, due to concerns about the risks the firm poses, including to its participants or other parts of the financial system, or if rules have been breached. Forced wind down by regulators is not a decision that would be taken lightly. The regulators may also trigger a wind down if a technology or practice is deemed too risky to financial stability or market integrity.

The purpose of the DSS is not to provide a permanent scaled down regulatory regime where firms can have ongoing access to modified legislation. The regulators will also need to consider whether sandbox entrants have a realistic chance of operating outside the DSS and the length of time it will take them relative to the length of the DSS.

The regulators recognise the financial and technological investment that firms will be making in order to participate in the DSS as sandbox entrants. The regulators are also aware of the opportunity cost of such investments. Any decision to trigger a forced wind down will therefore be considered carefully and objectively by the regulators.

DSS timeframes

Figure 4: Indicative timeframes from Gate 1 applications to live activity in the DSS

To provide potential participants with more certainty about the duration of the process for their intended business model, especially for the purpose of investment cycles, the Bank and the FCA will aim to process applications according to the timeframes in Figure 4. The timeframes described are an aim. Applicants should be aware that there will be some variation in the time it takes to process applications at the different gates and will be influenced by factors such as the quality and completeness of an application and the business model proposed.

How long it will take sandbox entrants to progress from one stage to another will depend on the gate they are applying to move through and the speed at which they can collect the evidence needed to demonstrate that they are meeting the necessary requirements set out by the regulators. Figure 5 is indicative (the precise timings for the Gate 3 review points are yet to be decided by the Bank). It gives an illustration of a best-case scenario for two types of business models that might apply to enter the DSS.

Figure 5: Indicative timeline to illustrate the journeys of two different business models through the DSS ^(a)

Footnotes

• (a) The timing of Gate 3 review windows are indicative only. In practice, the regulators will take a flexible approach to opening the Gate 3 review windows depending on the speed of progress made by firms in the DSS.

4: Settlement assets for payments in the DSS

Currently, under Article 40 of UK CSDR, securities settlement in Sterling at CSDs is required to be carried out in central bank money to ensure there is no credit and liquidity risks in the settlement asset. Where settlement in Sterling in central bank money is not practical or available or for settlement in other currencies, CSDs can settle through accounts opened with commercial banks.

In the interest of clarity and recognising the fact that tokenised wholesale central bank money is not currently available, the Bank will allow for the use of commercial bank money with little or no credit or liquidity risk, or equivalent, regulated, private forms of money, to be used as a payment asset within the DSS. This approach aligns with the CPMI-IOSCO Principles for Financial Market Infrastructures (PFMIs), specifically Principle 9. At present, we will not allow stablecoins or e-money to be used for money settlement in the DSS for any currency. Stablecoins and e-money are generally subject to different regulation and protections to commercial bank money and the Bank considers that they carry higher risks.

DSDs will be able to settle the cash leg for all or part of any securities settlement systems they operate only through accounts opened with a credit institution with permission to accept deposits under Part 4A of FSMA 2000, or through their own accounts if in compliance with key provisions of Chapter 2 of the DSS rules instrument, including a requirement for the DSD to have a Part 4A permission to accept deposits.

Please note that this is intended as a temporary arrangement, and as DSDs scale and prepare for authorisation under a possible new permanent settlement regime, the Bank may require DSDs to provide for settlement in central bank money. Alongside omnibus accounts which could be used for this purpose, the Bank is undertaking a renewal of its Real-Time Gross Settlement service, which is utilised in wholesale settlement including for trading securities. In any event, the Bank would work with firms to ensure that any transition to central bank money is smooth for sandbox entrants and their members.

5: Approach to supervision and enforcement in the DSS

The regulators will tailor their supervisory approach throughout the DSS to the risks posed by firms and will be guided by the objectives of the DSS. The regulators also have access to existing powers under FSMA 2000 for the purpose of operating the DSS under the DSS Regulations.

Bank supervisors will assess DSDs against the relevant rules as part of the decision whether to allow them to go through Gates 2 and 3. The Bank has shared its approach to gaining supervisory assurance at Gate 2 in Section 3 above and will share information at a later date on its approach at Gate 3. Following a successful supervisory assessment against Gate 2 or Gate 3 rules, those rules will continue to apply until the firm is ready to progress to the next stage, including seeking authorisation under a new permanent regime.

An important difference between the Bank and FCA approach is that the operators of trading venues will need to satisfy the same requirements as currently exist outside of the DSS. These are already designed to accommodate non-systemic firms. DSDs do not have to meet in full the supervisory assessment processes currently in place for (systemic) CSDs. Instead, the Bank is putting in place proportionate assessment and assurance requirements for DSDs, which will change to reflect their progress in the DSS, their levels of live activity and therefore their risks.

Users or participants of a DSD in the DSS should be aware that the Bank is taking this proportionate approach to assessment (for approval to enter the DSS) and ongoing supervision for these firms and take this into consideration when deciding whether to engage with a DSD. That is because DSDs will not be expected demonstrate to the full extent of assurances (for instance on operational resilience), as a CSD. The levels of assurance required will likely increase over time as the DSD progresses through the DSS. Users may therefore wish to engage more closely with DSDs than they would do with a CSD authorised under CSDR in order to understand for themselves the level of service they should expect as users and the risks that they are exposed to. Firms should take into account the unique and temporary nature of the DSS and consider any risks that poses for them. These risks may be different or greater than those which exist outside of the DSS. For example, persons engaging with a DSD should note that DSDs will not be required to seek designation under the Settlement Finality Regulations. However, Bank rules do require a DSD to disclose the rules governing settlement finality that apply to their securities settlement system and users should use this information to understand the level of investor protection that is available to them.

Approach to regulatory powers under the DSS Regulations

The DSS Regulations extend the scope of certain existing regulatory powers under FSMA 2000 such that the regulators have supervision and enforcement powers in respect of:

1. Sandbox entrants, including those which have only passed Gate 1 but are not an authorised person or approved by the Bank to undertake the activities of a CSD.
2. Other persons engaging in DSS activity, specifically: persons using the services provided by the sandbox entrant; persons providing services either directly or indirectly to the sandbox entrant or to its users; persons carrying on activities or providing services in connection with a digital security used in connection with the sandbox entrant’s DSS activities.

The above categories can therefore include persons who are neither authorised nor exempt from the general prohibition under FSMA 2000.

The FCA intends to take the same approach to supervision for these persons as it does for authorised or exempt persons. If enforcement action is needed the FCA will follow its general approach to enforcement, which for the FCA is set out in the Decision, Procedures and Penalties Manual (DEPP) and the Enforcement Guide (EG). The FCA has updated DEPP specifically for the DSS to account for additional powers which have been conferred through the DSS Regulations. All other sections of the FCA Handbook, for example SUP, MAR and REC, continue to apply where relevant to sandbox entrants and other persons engaging in DSS activity.

In relation to the Bank, the DSS Regulations require the Bank to prepare and publish a number of statements of policy with respect to its approach to enforcement and the use of its disciplinary powers. These enforcement powers mirror the powers the Bank has in respect of CSDs pursuant to Schedule 17A of FSMA 2000, and the Bank therefore intends to follow the existing approaches set out in its current relevant policies.

Furthermore, under the DSS Regulations, the regulators have powers specific to sandbox entrants, as described below. The use of these powers could indirectly affect users of a sandbox entrant’s FMI or other participants.

As the Bank is the appropriate regulator for entities undertaking the activities of notary, settlement and maintenance, it is able to modify, suspend or terminate a sandbox entrant’s SAN (including approved activities and conditions for those approvals) where the sandbox entrant breaches a requirement or if it appears necessary or expedient for the purposes of implementing and operating the FMI sandbox arrangements.

DSDs who appear to be failing to meet regulatory standards may have additional restrictions added to their SAN and be given time to rectify concerns. If concerns are not addressed within a reasonable period, the Bank may modify the SAN (along with the firm’s DSD approval) such that the firm can no longer conduct DSS activities and would be required to implement its wind-down plans, in some circumstances, the Bank may revoke the SAN entirely. The Bank has the power to direct DSDs to engage or cease engaging in a specified action, and to require participants to provide the regulators with certain information or documentation.

The Bank has access to the existing powers in relation to CSDs as part of the DSS. This includes the relevant powers the Bank has under FSMA 2000, including information gathering and investigation powers, powers of direction, powers to impose penalties, powers to issue censures and powers to apply for injunctions or impose restitution. The exercise of some of the Bank’s powers under FSMA 2000 is referable to the Tribunal.

Where the FCA is the appropriate regulator for a sandbox entrant’s activity, it will have similar powers to modify, suspend or cancel a SAN. The FCA also has access to its existing powers under FSMA 2000, including the information gathering and investigations powers in Part 11, the disciplinary measures in Part 14 and the injunctions and restitution powers in Part 25 of FSMA 2000. As mentioned above, these have been extended such that the FCA has powers over sandbox entrants and other persons engaged in DSS activities, and these extended powers will be exercised in line with current FCA approaches to supervision and enforcement. FSMA 2000 also allows firms to refer decisions that refuse, vary or revoke permission or recognition orders to the Tribunal in relation to firms regulated by the FCA. These provisions remain unchanged for the DSS.

The DSS Memorandum of Understanding sets out the regulators’ joint approach to regulating the DSS and in particular sandbox entrants, and how the two regulators intend to co-operate.

6: Approach to the use of developing technology

Firms making use of developing technologies such as DLT may wish to employ innovative approaches such as distributed data, decentralised control of ledgers, cryptography, smart contracts and increased automation. Sandbox entrants must ensure that the use of new technologies does not compromise the high standards required of FMIs in terms of resilience and data protection.

The regulators’ approach is to be technology-neutral and supportive of innovation – for example, through the existing FCA sandboxes and the Bank’s DLT lab and ongoing hosting of the UK branch of the Bank for International Settlement’s Innovation Hub. Firms that become sandbox entrants remain responsible for ensuring they meet operational resilience requirements, including for any services that they outsource to third parties.

Firms looking to operate as a DSD need to be aware of the Bank’s regulatory outcomes of safety and stability, including adherence to the PFMIs where necessary. Firms using different technological approaches – for example, permissioned and permissionless blockchains – will need to consider similar risks but require different approaches to ensure that risks associated with them are adequately mitigated.

Sending dematerialised instructions

PERG 2.7.11 states that the regulated activities relating to sending dematerialised instructions relate to the operation of the system for electronic transfer of title to securities or contractually based investments. It also states that this is the CREST settlement system maintained under the Uncertificated Securities Regulations 2001 (USRs) and currently operated by Euroclear UK & Ireland Limited. The DSS Regulations modified the USRs so that a DSD could also be a relevant system under those Regulations. Consequently, persons seeking to engage with a DSD should note that the scope of the regulated activities relating to sending dematerialised instructions is wider in the context of the DSS. Persons sending instructions on behalf of another by means of a DSD which is a relevant system under the USRs, or causing such instructions to be sent if the person causing the sending is a system-participant, should consider whether they need the necessary Part 4A permissions.