Toward Technology-Aware, Neutral Regulation: Rethinking policy approaches for the new age Finternet
As financial innovation accelerates, this article explores how neutral, modular, tech-aware regulation can close the innovation gap and future proof oversight in next-generation financial systems.
Financial innovation in the digital era is accelerating dramatically. There are brand new fintech actors without any entity structure, a whole new marketplace for finance in DeFi, and tokenized assets that are reshaping markets.
This rapid evolution has given rise to what Bryan Zhang, Executive Director of the Cambridge Centre for Alternative Finance in a recent article calls the “innovation delta”[1] – a widening gap between the exponential pace of financial innovation and regulators’ capacity to understand, adapt and respond.
In response, central banks and regulators worldwide have launched innovation offices, regulatory sandboxes,[2] SupTech programs, and joined collaborative efforts like the BIS Innovation Hub and the Global Financial Innovation Network (GFIN) to keep up. Yet these worthy efforts remain piecemeal and insufficient to bridge the ever-widening gap between technology and the understanding by regulatory incumbents. The consequences of inaction are serious: a widening innovation delta invites regulatory arbitrage, undermines consumer protection and introduces new forms of systemic risks into financial markets. To close this widening gap, what Zhang’s article describes as the path toward a “regulatory singularity”, a future where regulation co-evolves with innovation in real time, offers a compelling north star.
Regulation as Infrastructure: Moving Beyond Incremental Adjustments
To meet this moment, regulators need to move beyond incremental adjustments and undertake a systems-level reimagining of regulatory frameworks for the digital age. The current toolkit of linear, siloed, and paper-based regulation is inadequate to govern dynamic, complex digital financial ecosystems. Public consultation cycles are slow and oftentimes the regulations are outdated upon release. As a result, even well-intentioned “fit for purpose” regulations operate within an ever-shrinking window of relevance.
What’s needed is a regulatory regime that is dynamic like the market itself. Authorities should redesign institutional architectures and underlying infrastructure of regulation to be digital-first, data-driven, and capable of continual evolution.
This means thinking in terms of regulatory “stacks” and interoperable platforms rather than one-off solutions or patches. A key principle is that regulation and supervision must be treated not as static constraints, but as evolving systems to be continuously innovated and optimised. At Finternet Labs, this philosophy underpins our architectural approach. Just as the internet enabled interoperable data networks, our vision for the future financial system, the “Finternet” envisions interoperable financial networks that empower users globally, where trust, compliance and transaction logic can be embedded and evolve over time.[3] Regulatory systems too must be architected with the same principles in mind, capable of overseeing such a network-of-networks seamlessly across jurisdictions.
Bringing Technology into the Rulemaking Process
The foundational step in addressing the innovation delta is placing technology and technologists as an integral part of the legislative and rule-making conversation. This does not mean that future regulations must be technical manuals, but rather, as Zhang emphasizes, regulators must cultivate a deep understanding of the technology in play in order to even contemplate how to regulate.
A case in point is the “innovation sandboxes” that are now prevalent in over 95 countries, most of which are from the Global South. Before delving into how innovation sandboxes help, it’s crucial to understand why they exist.
Innovative technology and its adoption is often an unintentional victim of regulatory headwinds. While there are several examples of innovations that have forced regulation to follow (public ledgers and cryptocurrency being a case in point), oftentimes a lack of clarity in regulations or delay in legislating causes innovative startups to wither and die prematurely.
The first sandbox grew out of the Financial Conduct Authority’s (FCA) Project Innovate, which brought together regulators and industry voices to discuss how to foster a more hospitable environment for innovation, specifically in the financial services sector. Notably, this sector is one of the most regulated sectors globally and is therefore most resistant to the headwinds of change.
Take tokenization of securities as a classic example of this friction. In jurisdictions like the US, EU, Singapore, regulators have begun legislating based on the principle of ‘same activity, same risk, same regulation’, and thus requiring tokenization platforms to register as broker dealers, custodians, trustees, etc. depending on where in the transaction the fintech involves itself. But proponents of tokenization argue that the technology removes the requirement for a cornucopia of intermediaries to be involved in a security issuance. Smart contracts, immutable proofs on the ledger and cryptography solve for many of the risks and afford the same level of trust, but through code rather than a license.
From Licenses to Trust by Design
The devil, as always, is in the details. Accountability and pathways for recourse are crucial elements that the traditional systems provide, something that new age entrants like decentralised exchanges (DEXs) and token issuers are still coming to terms with. While in theory, smart contracts and ledgers do provide the foundational tools for regulatory technology (RegTech) and supervisory technology (SupTech), they lack two essential requirements at this stage.
First is the absence of stress testing these tools. The current financial system developed checks and balances over nearly a century of iterative processes, learning from mistakes, scams, market collapses and more.
Second is the absence of regulatory blessing, which we argue is more crucial. Licensing regimes aren’t just bureaucratic hurdles, they are social signals. They assure users that the “State” has conferred oversight, that recourse exists, and that conduct is being monitored. A modern day expression of the principle rex non potest pecare, transposed as institutional trust.
In contrast, proponents of the crypto wild west are firm believers of caveat emptor, but unlike a ginger ale manufacturer who can be sued under tort for a snail in the bottle, it’s harder to sue a developer for open-source code with vulnerabilities or an amorphous decentralised autonomous organisation (DAO) that exists only on the internet. And while the cost to the individual in the case of the snail is an upset tummy, it can be their entire net worth in a digital economy.
Modular and Adaptive Regulation for Dynamic Financial Systems
So, where do we find the middle path between innovation and accountability?
Traditional financial regulations are often rigid, one-size-fits-all, and slow-moving – ill-suited for a world where new products or risks can emerge overnight. A key strategic priority is to develop modular, adaptive and iterative regulatory frameworks.
Just as modern software is built in modular blocks that can be tweaked or replaced without collapsing the whole system, regulations can be structured as composable components or policy “lego blocks”.
This design philosophy strongly echoes Zhang’s articulation of adaptive regulatory systems where composable policy modules form the foundation of agile, use-case based regulation that evolves with innovation. For example, baseline conduct requirements could be universally applicable, while add-on modules handle specific risks (for crypto assets, AI-driven lending, etc.) and can be attached or detached as needed. This would allow regulators to tailor requirements to different business models or emerging technologies quickly, without rewriting core laws for each innovation.
A risk-tiered system can be established where low-risk innovations face lighter initial requirements but must incorporate additional modules of regulation as they grow or as risks materialize (akin to “dynamic licensing” that evolves with a firm’s risk profile. Regulators can also build sunset clauses and periodic review into new rules, ensuring that policies are revisited and updated iteratively rather than remaining unexamined for decades. Internationally, we see elements of adaptability in frameworks like the EU’s approach to fintech and AI (where proportionate, risk-based provisions are applied depending on scale or use-case).
The Evolution of the Sandbox Approach: Toward Continuous, Collaborative Regulation
Regulatory sandboxes are evolving. Originally time-bound pilot environments, some are now envisioned as permanent testbeds integrated into the regulatory process, effectively serving as modular interfaces where new rules can be safely trialed and refined before wider deployment.
A permanent sandbox can act as a bridge between innovators and regulators: it is both a safe space for firms to demonstrate compliance approaches and a laboratory for regulators to pilot new regulatory requirements or supervisory technologies.
In parallel, the UK’s Financial Conduct Authority (FCA) and Bank of England have introduced the Digital Securities Sandbox (DSS)[5], a regulatory framework that allows firms to operate tokenized securities infrastructure within a controlled environment. By enabling live testing of these systems under modified rules, the DSS represents a meaningful shift toward embedding regulatory adaptability into market infrastructure. A similar shift is underway in the US. In May 2025, Commissioner Hester Peirce endorsed a regulatory sandbox to support the tokenization of traditional securities, allowing blockchain-based issuance, trading and settlement under conditional exemptions. Like the DSS, it reflects a broader move toward technology-aware, flexible regulation designed to modernize capital markets without compromising investor protection. This shift toward more adaptive regulation is directly relevant to the Finternet’s goal of building compliance-aware, programmable infrastructure that can evolve alongside the market.
At the international level, GFIN continues to operate and expand. It serves as a platform for regulators to share knowledge on fintech trends and run thematic cross-border trials. For instance, one cohort might focus on sustainable finance solutions across multiple countries’ sandboxes simultaneously. The presence of global bodies (such as FSB, IOSCO) as observers in GFIN ensures learning is disseminated. The strategic opportunity is to take such collaboration further. Imagine a unified sandbox model where a fintech can enter a single sandbox and, through mutual agreements, simultaneously meet the testing requirements of all participating regulators. This would drastically reduce regulatory friction and enable safer, faster scaling of innovation across borders, something the Finternet architecture could help facilitate at a technical level.
Effective oversight in the era of digital innovation demands unprecedented cooperation not only across borders but also across diverse regulatory domains. Platforms that convene financial regulators with their counterparts in data protection, competition policy, and communications oversight are exceptionally rare. Initiatives such as the UK's Digital Regulation Cooperation Forum represent pioneering examples of such cross-sectoral collaboration. Expanding on this model through regular international conferences, targeted seminars, strategic roundtables and collaborative workshops will be essential. These structured interactions can forge meaningful dialogue, drive regulatory coherence and ensure coordinated responses to the challenges posed by rapidly evolving digital ecosystems.
Rules as Code and Programmable Regulation
But this is only one piece of the puzzle. Financial regulation today remains largely a world of legal text – lengthy PDF rulebooks, static reports, and manual compliance processes. To truly accelerate and scale regulatory oversight in line with digital finance, a paradigm shift is needed: from policy PDFs to programmable protocols.
The idea of machine-readable and machine-executable regulation is to encode regulatory requirements in a structured format that computers can interpret and even act upon automatically. Zhang in his article emphasizes the importance of this as a means to narrow the innovation delta.
Embedding rules into digital systems not only reduces compliance friction but also shortens the loop between regulatory intent and enforcement.
In a future state, compliance rules could live as code embedded within financial systems, such that transactions or activities that violate rules are automatically flagged or blocked without human intervention. Achieving this requires standardizing the way regulations are written (taxonomy and data standards) and developing technical infrastructure (APIs, logic engines) for rules deployment. The FCA and Bank of England experimented with this in their Digital Regulatory Reporting (DRR) pilot. In that pilot, regulatory instructions (for a mortgage reporting requirement) were converted into executable code that could pull data from firms’ systems and generate the required report, demonstrating how “rules as code” could greatly streamline compliance. Globally, other examples have emerged. The Monetary Authority of Singapore’s (MAS) Project NovA aimed at AI-enabled compliance, and collaboration with industry on data models. The U.S. Commodity Futures Trading Commission (CFTC) worked with academia on “rules as code” for some derivatives reporting. On the industry side, the International Swaps and Derivatives Association (ISDA) developed the Common Domain Model (CDM), a machine-readable representation of derivatives trade terms and can facilitate automated compliance checks for contractual rules. The BIS Innovation Hub has also highlighted the importance of RegTech solutions that automate regulatory change management, for example, tools that automatically parse new regulation to identify obligations for firms. What these efforts signal is a paradigm shift toward regulation as a dynamic, programmable infrastructure, one that can scale and evolve in tandem with the financial systems it oversees. This is the very direction in which Finternet infrastructure is being developed: to enable programmable compliance, and modular control systems that align regulatory obligations with network-wide transaction logic.
Regulatory Interoperability for a Borderless Financial Future
Perhaps the biggest issue to tackle, as technology makes distance meaningless, is regulatory arbitrage. Financial markets and digital services increasingly transcend national borders, while regulation remains overwhelmingly jurisdiction-bound. This structural fragmentation – borderless digital finance versus siloed, country-specific rules – creates misalignments and opportunities for regulatory arbitrage. We’ve seen crypto exchanges leave jurisdictions that placed license regimes on their operations in favour of jurisdictions with a ‘light-touch’ approach or an absence of regulations[4].
In a future where, for example, transactions flow seamlessly over a “Finternet” connecting multiple countries, regulators must likewise be able to coordinate seamlessly, share information, and even execute supervisory actions in concert.
This means aligning not just on regulatory intent, but on the operational mechanics such as shared taxonomies, data formats, supervisory protocols, and regulatory outcomes so that equivalent activities face similar oversight no matter where they occur. It also means building the trust and legal agreements necessary for cross-border data sharing and joint oversight of global fintech firms or infrastructures.
One concrete step is the development of common data standards and interoperable regulatory reporting frameworks. Just as the Legal Entity Identifier (LEI) has helped unify identification of parties in transactions globally – regulators should similarly cooperate on unique identifiers and standardized definitions for digital assets, AI model risk metrics and cross-border data reporting. Initiatives like the ISO 20022 messaging standard for payments are foundational in this regard facilitating consistent data in cross-border transactions. This can be extended to areas like regulatory reporting, digital asset classification and AI model governance.
Another approach is mutual recognition agreements or passporting regimes for fintech activities. The EU’s Single Market does this for financial services internally; expanding that concept globally through bilateral or multilateral agreements (perhaps on specific domains like crypto exchanges or stablecoin issuers) could reduce duplication and gaps. Furthermore, regulators should use collegial platforms and networks to collaborate.
Platforms for regulatory cooperation already exist. One noteworthy example is the Regulator Knowledge Exchange (RKE)[6] platform developed by the Cambridge Centre for Alternative Finance. As a peer-led, community-driven initiative, RKE enables financial authorities and public institutions to connect, learn and collaborate on shared challenges in digital financial regulation and infrastructure. It offers a model for how digital platforms can facilitate trusted regulatory coordination at scale. Similarly, the BIS Innovation Hub and global standard-setting bodies such as BCBS and IOSCO provide essential venues for high-level regulatory dialogue and agenda-setting. Building on these efforts, there is now an opportunity for deeper, scenario-driven collaboration. Spaces where regulators can jointly model risk, test supervisory responses, and co-develop model laws.
This is where neutral, interdisciplinary conveners can make a real difference. We need trusted spaces where regulators, technologists, industry leaders, and civil society can come together to test ideas, debate emerging issues, and shape better rules. These can be enablers in bridging the innovation delta.
Universities and research institutions are especially well-suited for this role. They bring independence, intellectual rigor, and the ability to connect across disciplines. This makes them ideal hosts for simulations, shared tools, and collaborative problem-solving. Historically, academic institutions have been hotbeds of open deliberation, places where big ideas were tested and contested. In today’s fast-moving digital landscape, we need spaces like these more than ever: environments that are not driven by commercial incentives or regulatory turf wars, but by a shared commitment to understanding complex technologies and designing thoughtful responses. By facilitating open dialogue, producing rigorous research and helping to build common frameworks, these neutral conveners can help bridge divides between sectors, ideologies, and jurisdictions and accelerate the shift toward smarter, more adaptive regulation.
Ultimately, advancing towards “regulatory singularity” is not merely a matter of adopting new technologies. It requires shared trust, common infrastructure, and coordinated intent. Only by embedding adaptability, interoperability, and collaboration into the very architecture of regulation can we build a future financial system that is resilient, inclusive and innovation friendly by default.
Note: We encourage readers to explore Bryan Zhang’s original article, “From innovation delta to regulatory singularity: how innovative regulatory systems can help regulation keep pace with financial innovation” for the full articulation of some of these ideas.
This blog has been authored by Siddharth Shetty (CEO, Finternet Labs)
The author acknowledges the research contributions of Abhishek Sankritik (Director, Policy and Programs at Finternet Labs) in shaping the foundations of this piece. Editorial and writing support provided by Vinith Kurian (Contributor, Finternet Labs).
Endnotes
[1] Zhang, B.Z. (2025) From innovation delta to regulatory singularity: How innovative regulatory systems can help regulation keep pace with financial innovation, Cambridge Centre for Alternative Finance, University of Cambridge Judge Business School.
[2] Financial Conduct Authority (2016) The Financial Conduct Authority’s launches world’s first regulatory sandbox to support financial innovation, Press Release, 9 May.
[3] Nilekani, N. and Carstens, A. (2024) The Finternet: The Financial System for the Future, Bank for International Settlements Working Paper No. 1178.
[4] The Law Library of Congress (2018) Regulation of Cryptocurrency in Selected Jurisdictions: Including British Virgin Islands (BVI) and Cayman Islands, Global Legal Research Directorate.
[5] Bank of England and Financial Conduct Authority (2023) Digital Securities Sandbox, FCA–BoE Joint Initiative.
[6] Regulator Knowledge Exchange (RKE), Cambridge Centre for Alternative Finance (CCAF)