Last month, I was at the DC Blockchain Summit watching a panel on the US and UK regulatory sandbox programs. My co-founder Sean Bennett was sitting next to me. Somewhere in the middle of it, a lot of old memories started coming back, and I realized it was probably time to write this down.
In 2018, we were building out remittance and settlement corridors on IBM’s Blockchain World Wire, using tokenized fiat to move value across borders faster and cheaper than the correspondent banking rails. One of the corridors we wanted to open was into the Gulf Cooperation Council (GCC), and the jurisdiction we were looking at was actively positioning itself as the regional fintech hub. A regulatory sandbox had just been launched and on paper, it looked like the right door to knock on.
So in late 2018, we applied. We submitted the paperwork remotely, passed the review, and by the end of December, we had an approval letter signed by the Governor of the central bank. On paper, we had the regulatory blessing every fintech founder was chasing that year: a government-sanctioned pathway to operate a blockchain-based payments platform in a jurisdiction actively branding itself as the future of fintech.
Then we tried to get banked in that same jurisdiction. And for eighteen months, no one would bank us.
We did everything a sandbox participant is supposed to do. We submitted monthly progress reports. We requested extensions and received them. We registered a local entity. We pivoted our customer base from retail users to financial institutions when the retail path stalled. We pursued conversations with four separate local banks in parallel.
One bank took our application documents, went silent for three months, responded, then went silent again. Another changed its documentation requirements partway through the review and asked us to resubmit. The one that came closest to yes eventually named their price: a minimum deposit of roughly twenty million US dollars to open a wholesale account.
Our sandbox authorization capped us at 100 volunteer customers and $500 per transaction. The maximum possible exposure in the entire program was $50,000. We were being asked to put $20 million on deposit against a $50,000 program. That was the best offer we got in eighteen months.
Meanwhile, the question of what would happen after the sandbox, what license we would need to operate commercially, and what capital requirements came with it, was consistently answered: “case by case basis, at a later stage.” We were being asked to keep investing capital to build out a local entity with no visibility into what the finish line would cost.
When we finally raised the banking issue directly with the regulator, the answer was honest and clarifying: the central bank did not get involved in introducing sandbox companies to banks. The support on offer was a handoff to the economic development agency, a directory of bank contacts, and a coworking space that sold a dedicated residency package for sandbox participants. The marketing infrastructure around the program was fully built out. The commercial pathway was not.
That was the moment it clicked. The sandbox was a real program with real people working in good faith, but the operating assumption, that regulatory approval would translate into commercial banking access, was never going to hold. The correspondent banking pressure from New York and London made blockchain companies radioactive regardless of what any local regulator said. The regulator could admit us, issue letters, grant extensions, and do all of it with genuine professionalism, and it would still not change the risk calculus of a single commercial bank.
I don’t say this bitterly. We made a reasonable bet based on the information available, and I learned three lessons from it that have shaped how I evaluate jurisdictions ever since:
1. Never join the early cohorts of an unproven program
First cohorts are a marketing exercise for the regulator, even when the regulator is competent and well-intentioned. You are the case study they need to justify the program, not a company they have figured out how to actually support end-to-end. Everything is improvised, every answer is “we’ll get back to you,” and every escalation lands in a team that did not exist eighteen months earlier. Let someone else be the pioneer. Come in during cohort three, four, or five, once the operational kinks are worked out and there is an actual path from admission to operating business.
2. Demand success case studies before committing
If a jurisdiction cannot point to three or four companies that went through the program, got licensed, got banked, and are operating real businesses today, the program does not work yet. That is not a judgment on the regulator’s intentions. It is just reality. Regulatory frameworks are only as valuable as the outcomes they produce, and outcomes take years to prove out. Ask for the case studies. If they cannot provide them, you are the case study. Act accordingly.
3. Sequence boots on the ground correctly
This is the one most founders get wrong in both directions. The instinct is either to move the whole team in on day one to signal commitment, or to try to run the entire process remotely over email. Neither works.
We ran it remotely, which was the capital-efficient move and honestly the right call for that phase. Why move people across the world before you even know if the jurisdiction can support your business? But the mistake was not planning for the next phase. Once you have the regulatory approval and a clear line of sight to a bank account and clarity on post-sandbox licensing, that is when you commit bodies. Not before, because you are burning cash on a business that may never operate. Not after you are already stuck, because by then the unwritten rules have already moved past you.
The sequencing is: remote through application and early review, local presence the moment your commercial unlocks are real. Most founders either over-invest too early or under-invest too late. Get the order right.
Why this matters now
Which brings me back to that panel in DC. The US and UK sandbox programs are more mature than what we walked into in 2018, but the questions I would ask today are the same ones I wish we had asked then. Who has graduated? Who has been banked? Who has raised capital on the back of their participation? What does the path look like after the sandbox ends, in concrete terms, not “case by case basis”?
Regulatory sandboxes are proliferating again, this time for AI, for tokenization of real-world assets, for central bank digital currencies, for whatever the next wave turns out to be. Jurisdictions are competing to brand themselves as innovation-friendly. The press releases are starting to look very familiar.
Founders are going to make the same mistakes we made. The temptation to be first is enormous, especially when a regulator is flattering you, featuring you, putting you on stage. It feels like progress. Sometimes it is. Often it is just the opening paperwork of a process that no one has actually walked to the end of.
My position now is simple. Regulatory experimentation matters. Jurisdictions willing to think creatively about emerging technology deserve engagement and support. But founders should be skeptical participants, not grateful ones. The burden of proof is on the program, not on us. We are the ones taking the operational risk, spending the legal fees, and staking our runway on the outcome.
Be patient. Be picky. And never confuse a press release with a pathway.
Want sharper fintech and crypto insights? Hit subscribe on our YouTube.
