Fintech 2024 Comparisons

Egypt lacked specific regulations for the booming fintech industry before the banking law No 194 of 2020 (the “Banking Law”) was issued in 2020 and the new fintech law for non-banking financial services No 5 of 2022 (the “Non-Banking Fintech Law”) was issued in 2022 to fill this gap. These laws pave the way for digital banks, e-payments and other e-banking solutions, and the Egyptian government has been actively promoting financial inclusion and digitisation through these frameworks.

Egypt has entered the digital banking era with tools like internet and mobile banking, but the legal framework embodied by the old banking law No 88 of 2003 was not sufficient to navigate the fast-paced developments within the fintech industry. This regulatory gap has forced the banks to rely upon customised agreements with their customers, paving the way for future, more comprehensive fintech regulations.

The Egyptian fintech landscape is booming in 2024, driven by a tech-savvy population, supportive government policies and a growing demand for innovative financial solutions. The key aspects of this include the following.

• Increasing financial inclusion: fintech start-ups are playing a crucial role in bringing financial services to the unbanked and underbanked population in Egypt. Mobile wallets, microloans and alternative credit scoring methodologies are making it easier for people without traditional bank accounts to access financial products and financial services.
• Rise of digital investments: Egyptians are increasingly interested in investing their money online. Robo-advisers, micro-investing platforms and fractional ownership solutions are making it easier and more affordable for Egyptian people to invest in stocks, bonds and other assets through online platforms.
• Evolving payments landscape: cash is still king in Egypt, but cashless payments are gaining a lot of traction. Mobile wallets, QR code payments and contactless cards are becoming more popular, driven by the convenience and the security they offer.

Egypt's fintech scene is booming, with both new and established players competing for a share of the available resources or opportunities. The following verticals dominate the market, with the noted key players:

• non-banking fintech solutions, such as payment services, lending, peer-to-peer financing, etc; and
• banking fintech solutions, including microfinance, consumer finance, factoring, financial leasing, SME financing, robo-advisory services, insurance, micro-insurance, nano-finance, etc.

Egypt's Non-Banking Fintech Law governs how fintech can be used in the realm of non-banking financial services. This fintech industry includes modern digital tools like mobile applications, AI and blockchain to offer financing, insurance and support through platforms and electronic programs. Businesses that are using these tools in non-banking sectors typically require a permit or licence from the Egyptian Financial Regulatory Authority (FRA).

On the other hand, the Banking Law governs how fintech solutions operate within the realm of the banking services sector. The Banking Law is further complemented by the regulations issued by the Central Bank of Egypt (CBE).

Several other pieces of legislation are also relevant to payments and fintech services in Egypt, including:

• the Non-Cash Payment Law No 18 of 2019;
• the Telecommunications Law No 10 of 2003;
• the E-Signature Law No 15 of 2004;
• the Data Protection Law No 151 of 2020;
• the Cybercrimes Law No 17 of 2018; and
• the Egyptian Commercial Code No 17 of 1999.

The current legal system allows for the imposition of charges, including those that may not be immediately evident to the consumer, both directly and indirectly. The permissible compensation models in Egypt's fintech scene will depend upon the specific vertical and the applicable regulatory framework.

The Egyptian fintech regulatory framework underwent a significant shift with the introduction of the Banking Law in 2020 and the Non-Banking Fintech Law in 2022. Both laws form the primary legislative basis for governing fintech activities in Egypt.

Banking Fintech Services

The CBE established a sandbox in 2019 that primarily targeted innovative ideas (through new players) to pave the way for such players to access the Egyptian fintech market in a smooth manner. Other than that, it seems that the regulations governing fintech banking services are the same for legacy players and new players alike.

Non-Banking Fintech Services

The FRA established a sandbox called CORBEH in 2023, also for innovative ideas (through new players) to enable them to access the Egyptian fintech market and solve fundamental issues within such market.

In addition, the Non-Banking Fintech Law introduced a regulatory framework specifically for start-ups, under which start-ups are allowed to obtain a temporary two-year licence with less stringent conditions than are available for established market players (legacy players). For instance, start-ups were allowed to obtain this temporary licence while being obliged to satisfy a much lower capital requirement (EGP15 million for some activities) than is required for established market players (EGP75 million for some activities).

There are two main sandboxes in Egypt:

• one for the banking fintech sector, which is operated under the umbrella of the CBE; and
• one for the non-banking fintech sector, which is operated under the umbrella of the FRA.

Banking Fintech Sector: CBE Sandbox

As part of its role as a catalyst for change and supporter of the fintech industry, the CBE launched its sandbox (the “CBE Sandbox”) in May 2019, which serves as a testing environment for fintech businesses developing new business models facing challenges from stringent authorisation requirements and regulatory uncertainties. The CBE Sandbox functions as a virtual and well-defined space, giving applicants the opportunity to experiment with their innovative fintech solutions. This experimentation occurs within a live, relaxed regulatory environment for a limited duration, on a small scale, and under precisely defined parameters.

The CBE Sandbox is designed to contain challenges and risks to the financial system and ordinary fintech consumers, ensuring a controlled testing environment. The primary goal of the CBE Sandbox is to integrate compliance into the fintech ecosystem at its early stages. By doing so, it enables fintech innovators to concentrate on refining their core offerings while simultaneously safeguarding consumers and other market participants from adverse effects related to regulatory uncertainties stemming from disruptive fintech activities.

Non-Banking Fintech Sector: FRA Sandbox (“CORBEH”)

In March 2023, Egypt introduced its first FRA authorised sandbox, called “CORBEH Sandbox”, to facilitate the testing of fintech applications. This regulatory sandbox, established with the authorisation of the FRA, involves a collaboration with Egypt Securities Exchange. The framework aims to balance innovation promotion and risk management by providing a controlled environment for experimentation. It is governed by the Fintech Law and related FRA decisions. Key features include adaptable licensing and capital flexibility, the involvement of authorised founders' agents, compliance obligations, ongoing monitoring and reporting, and a focus on consumer protection and risk mitigation. The core ongoing obligations within CORBEH stress the establishment of governance structures, ensuring compliance and maintaining transparency.

There are two main regulators for the fintech industry in Egypt:

• the CBE is in charge of regulating any fintech activities within the banking financial services sector; and
• the FRA is in charge of regulating any fintech activities within the non-banking financial services sector.

Other regulators might also be involved in the fintech industry, most notably the National Telecommunications Regulatory Authority (NTRA) when it comes to regulating digital wallets. The council to be established by virtue of the Data Protection Law No 151/2020 is expected to deal with players in the fintech industry (both banking and non-banking). Lastly, the Information Technology Industry Development Authority (ITIDA) is the entity responsible for digital signatures regulatory overview in Egypt.

Obligations differ according to the fintech sector in question, as follows.

Banking Fintech Sector

Under Egyptian regulations, banks cannot obtain services from providers that are not registered with the CBE. Doing so exposes them to full responsibility for any potential complications caused by these unregistered collaborators. In this regard, the Banking Law mandates registration with the CBE for any third-party providing services (known as “Delegated Services”) on behalf of licensed financial institutions.

Non-Banking Fintech Sector

The FRA regulates online trading activities in Egypt, and has issued specific regulations outlining the requirements for brokerage companies offering online trading platforms.

The Non-Banking Fintech Law has also set out certain conditions for the outsourcing of certain fintech provider functions. In this regard, fintech firms are obliged to conclude due diligence on potential vendors (to whom the functions are outsourced), assessing their financial stability, compliance history and security practices. Stringent data protection regulations are also applicable when it comes to the outsourcing of some fintech provider functions. Depending on the function outsourced, the fintech providers may be required to report the outsourcing arrangement to the relevant regulator and notify the customers concerned.

As a general rule, regulated entities (whether start-ups or large players) are responsible for ensuring that the services they provide are not used for illicit purposes. This is why all regulated actors are subject to Egyptian anti-money laundering (AML) legislation, and are expected to obtain sufficient information on their clients to be able to prevent them from using their platform for illicit activities.

A prominent example of fintech providers in Egypt acting as “gatekeepers” is the Payment Service Providers (PSPs), who are designated as “gatekeepers” with specific obligations to prevent and report suspicious transactions, conduct know your customer (KYC) and AML checks, and implement data security measures.

Generally, the concept of “gatekeeper” responsibility for fintech providers in Egypt is still evolving. In this respect, the level of responsibility for other fintech activities varies depending on the type of service and the applicable regulations.

Unfortunately, due to the emerging nature of the fintech ecosystem in Egypt and the limited public accessibility of enforcement actions, it is challenging to compile a comprehensive list of significant enforcement actions across either the banking fintech sector or the non-banking fintech sector.

Privacy, cybersecurity, social media content and software development can significantly impact all industry participants in Egypt.

Privacy and Data Protection

Service providers must safeguard all stored and archived data, especially personal information, adhering to strict confidentiality guidelines. The disclosure of personal data is only permitted with the issuance of a court order.

Furthermore, a new data protection law was issued in 2020 (Law No 151 of 2020), although the executive regulations of such law have not yet been issued so the law is considered to be only partially effective. In all events, this law does not apply to entities regulated by the CBE, as such entities are subject directly to the regulations and the supervision of the CBE itself.

However, this law should apply to non-banking fintech providers that are regulated by the FRA. In this regard, it must be noted that the Non-Banking Fintech Law imposes similar conditions to those imposed under the data protection law. For instance, non-banking fintech providers are not allowed to disclose any of their clients’ personal data without obtaining the prior written consent of such clients.

Cybersecurity

Under the Anti-Cybercrime Law, the providers of information technology and telecommunications services in Egypt, including those processing or storing data, are obliged to retain and store user data for a minimum of 180 consecutive days. This data encompasses user identification, service system content, communication traffic, terminal details and any other information deemed necessary by the NTRA.

Concerning the banking fintech sector, the Banking Law states that any bank must be audited by two auditors that are chosen from the list created for this purpose by the CBE. A single auditor cannot audit more than two banks simultaneously, and the auditor may not be a shareholder in the bank they are auditing. Moreover, the bank must inform the CBE within 30 days of appointing its auditors. Lastly, the CBE governor can appoint a third auditor for specific tasks at their discretion, with the costs to be covered by the CBE.

There are no similar obligations for fintech providers within the non-banking fintech sector just yet.

There are instances of industry participants offering unregulated fintech products and fintech services in Egypt. This practice, while not explicitly prohibited, raises complex questions and is coming under increasing scrutiny by the regulatory bodies concerned (both the CBE and the FRA).

The Egyptian Anti-Money Laundering Law significantly impacts both regulated and unregulated fintech providers, shaping their operations and influencing their growth within both the banking fintech sector and the non-banking fintech sector. In this regard, Egypt's AML Law and its executive regulations require specific obligations from multiple designated entities, including entities operating under the umbrellas of both the CBE (banks, branches of foreign banks and money transfer entities) and the FRA (financial leasing companies and factoring companies). These entities also face additional compliance responsibilities under the relevant sectoral laws. Failure to comply with such rules exposes them to various penalties, ranging from financial fines to imprisonment.

There are no class assets under the Non-Banking Fintech Law and hence no different business models are mandated on this front.

There are no implemented robo-advisers’ solutions within the Egyptian fintech industry yet. This line of business requires prior licensing under the Non-Banking Fintech Law, with the relevant licence/permit to be obtained in advance from the FRA.

While the Non-Banking Fintech Law in Egypt offers a framework for regulating different fintech activities, it is still too early to delve into specific practical issues like best execution for customer trades within the broader fintech sector. The law itself has not fully matured, and the regulatory interpretations around specific aspects like best execution would take time to develop.

Online loans can be disbursed through the banking fintech sector or the non-banking fintech sector.

Banking Fintech Sector

The CBE’s updated regulations on mobile payments now pave the way for instant digital lending via mobile phones. This allows banks to bypass the traditional branch visits and disburse loans electronically through approved mobile payment services.

The CBE sets the following limits for mobile loans:

• for individuals, loans are capped at EGP5,000;
• Category (A) Companies, which must meet specific verification criteria and have mobile accounts with the bank, can access amounts up to EGP15,000, aligning with the AML regulations issued in March 2020; and
• Category (B) Companies, encompassing micro-businesses and individuals like plumbers and electricians can borrow up to EGP10,000 through mobile loans but they must be listed under specific economic activities as defined by the CBE and have mobile accounts adhering to the AML regulations.

Non-Banking Fintech Sector

The Non-Banking Fintech Law in Egypt expands its reach to consumer financing activities conducted through online platforms. Any entity offering such services requires a licence/permit from the FRA. The same also applies to offering micro-finance activities, SME financing activities or nano-finance activities through online platforms; all of these activities require prior licensing by the FRA.

The CBE sets regulations for digital lending to protect both borrowers and lenders. These regulations require borrowers to understand and agree to the terms of their mobile loans, provide valid identification, and have their creditworthiness and existing digital loans assessed before the loan is approved. This helps to ensure responsible lending practices and informed financial decisions in the digital era.

Egypt's financial landscape is evolving with the use of alternative data for credit assessments. This allows banks to consider factors like bill payment behaviour when evaluating loan eligibility, potentially broadening access to credit for individuals without traditional credit scores. However, regulations require banks to implement robust risk management practices and testing procedures to ensure responsible lending and to mitigate potential risks associated with this innovative approach.

The legal framework concerning loan sources in Egypt varies depending on the lender itself. In this regard, the Banking Law applies to any legalities concerning the source of funds for any entities operating within the field of banking fintech services, which sector is governed by the CBE.

The Non-Banking Fintech Law applies to non-banking fintech providers, and the FRA would be the relevant authority.

Egypt's financial sector relies heavily on loan syndication, where multiple banks co-operate to provide financing for large-scale projects or borrowers with significant loan requirements. This practice helps to distribute risks, mobilise resources and facilitate economic growth. In this regard, the syndication of loans is primarily regulated under the provisions of the Banking Law.

The CBE plays a crucial role in regulating payment systems and services and the offering of payment services like online payments or money transfers. It sets out the rules and requirements with which technology companies must comply.

Although the official Executive Regulation has not yet been released, the CBE actively supervises all payment system operators and payment service providers in Egypt. The CBE has the authority to impose specific standards, controls or rules on any player if needed, particularly regarding how their systems work together, how their services are delivered and how their payment orders are handled. This also includes rules on interoperability between the different payment systems.

General Rule: Payment Must be in EGP

The CBE regulations require most transactions between Egyptian individuals and businesses to be conducted within the country's borders and exclusively in the national currency. However, a few exceptions allow for foreign currency transactions under specific circumstances.

Furthermore, Egyptian regulations restrict individuals and entities from directly exchanging foreign currencies or clearing between customer accounts of other currencies. Any such activity typically requires prior authorisation from the CBE to ensure compliance with the financial regulations concerned.

Exception: Rules for Mobile Payment Systems for Individuals

The CBE mandates specific requirements for receiving foreign currency transfers via mobile payment systems, whilst adhering to specific rules, as follows:

• only individuals are eligible for such transfers, not businesses;
• stringent monitoring ensures compliance with anti-money laundering and counter-terrorism financing regulations;
• the banks set individual maximum amounts based on risk assessments, with the aim of protecting both the individual and the bank – by limiting the amount of foreign currency that can be transferred through mobile payments, authorities and financial institutions strive to prevent financial crimes and promote responsible financial practices;
• the bank concerned takes the necessary steps to guarantee that the person making the transfer is the same user of the system and that their mobile phone account has been credited with EGP;
• before the transfers are examined, the amounts of incoming international transfers should not be credited to the mobile phone account; and
• it must be verified that the two transfer parties are not included on any national or international sanction lists.

In Egypt, generally only institutions with a licence from the FRA can manage investment funds. However, an exception exists for registered banks. If they are approved by the CBE, banks can also offer investment fund activities.

The FRA in Egypt mandates comprehensive disclosure requirements for investment funds to protect the investors concerned. These requirements are outlined in the “Guide on the Protection of Customers in NBFS in Capital Market Activity”, which tries to ensure transparency and informed decision-making. In this regard, investors and potential clients have the right to access the following:

• information on recurring trading policies and their associated risks;
• information on any advantage enjoyed by any related companies or financial institutions;
• transparent and accurate performance records for different periods, reflecting the fund's actual performance;
• clear and concise explanations of all terms and conditions, along with access to necessary documents;
• a statement outlining key facts such as investment policy, strategy, risk management, costs, potential conflicts of interest and complaint procedures, and a fair description of the fund's performance;
• information on any conflict of interests; and
• any disclosures according to the prospectus.

The Egyptian Stock Exchange (EGX) leverages a diverse set of trading platforms, including the X-Stream Trading System, which serves as the primary platform for both the main market and the SME market. Sub-systems include the following:

• the Coding System registers investors and grants them individual identification codes used for trading within the market;
• the Omnibus Accounts System aggregates orders from multiple investors into a single compound account – after the trading session, shares are reallocated to each investor based on their contribution and the average execution price;
• the Block Trades System aims to break up large transactions into smaller ones, executing them gradually to minimise their overall impact on the security's market price and help to maintain price stability and fairness for all investors;
• the Surveillance System – the measures implemented by the EGX to uphold investor protection include a mechanism for verifying that transactions comply with all applicable laws, regulations and procedures;
• the Operations System (OPR) – to use this system successfully, the customer needs to meet certain eligibility criteria;
• the Disclosure System is the mechanism for the dissemination of material information concerning publicly traded securities; and
• the OTC Trading System is for trading unlisted companies.

Please see 7.1 Permissible Trading Platforms.

The Banking Law requires a licence to be obtained from the CBE in order to participate in any activities related to cryptocurrencies and/or electronic money, including issuance, trading and platform operation activities.

The EGX's listing and delisting rules regulate every aspect of the process for both domestic and foreign companies seeking to list their securities on the exchange. These rules encompass eligibility criteria, application procedures and ongoing reporting obligations.

For instance, the FRA has recently reduced the minimum required number of shares to be eligible for listing on the EGX; the new FRA regulations now stipulate that companies shall offer no less than 1% of the total free-float market cap. The FRA has also introduced an additional amendment whereby it allows companies to register their securities without initially meeting the minimum requirements for the percentage of the shares offered, the number of shareholders and the percentage of free-floating shares. However, such companies must complete the offering and commence trading within six months of registration, compared to the previous one-month timeframe.

The Egyptian Capital Market Law and its executive regulations establish the general principles for order handling on the EGX. These principles include best execution, price priority and time priority.

Peer-to-Peer (P2P) trading platforms refer to the direct buying and selling of cryptocurrencies among users without intermediaries – eg, Binance, Huobi, OKX, Paybis. Egypt's regulatory framework for P2P trading is still evolving, but any entity that is willing to engage in any activity related to cryptocurrencies or electronic money must first obtain a licence from the CBE. In this respect, it must be noted that the CBE maintains a strong stance against cryptocurrencies, particularly Bitcoin, issuing multiple warnings highlighting the substantial risks involved in cryptocurrency trading. Furthermore, engaging in such activities without a licence carries a risk of imprisonment for up to ten years and/or a fine of EGP1 million to EGP10 million.

To adhere to the Egyptian stock market, investors can trade listed or unlisted securities (OTC) first by having a trading account with one of the brokerage firms licensed by both the FRA and the membership department at the EGX.

All customer orders must be promptly registered by brokerage firms, capturing details like the content of the order, the name of its source, capacity, the time and manner of its arrival to the company, and the price that the customer wishes to deal with.

Furthermore, brokerage firms are obliged to execute sale and purchase orders in full compliance with the stock exchange management. To safeguard trading integrity, brokers are responsible for verifying sufficient customer balances before selling and disbursing funds to buyers prior to trade execution.

The FRA monitors the market to ensure that trading involves sound securities, preventing both fraud and exploitation on the exchange. The EGX establishes a dedicated committee that is responsible for:

• monitoring daily trading operations;
• ensuring compliance with laws and regulations; and
• resolving disputes that may arise out of these operations.

Brokerage firms shall submit customer orders to the stock exchange within the specified timeframe or, in the absence of such specification, during the first session following receipt thereof. Orders are executed according to the date and time of their receipt at the brokerage company, and the execution of orders given to the company’s representative during trading is in accordance with the priority in which they received those orders. The brokerage firm shall, subsequent to the successful completion of a transaction, duly notify both the stock exchange and the client of its implementation within the next business day following the transaction.

Furthermore, a brokerage firm that executes a transaction in contravention of the client's instructions, involving a security not legally permitted for trading or a security subject to seizure, shall be obliged to deliver another document within one week from the date of such transaction. Otherwise, the client shall be entitled to compensation, without prejudice to their right to seek legal recourse against the responsible party.

Payment for order flow is not expressly regulated under Egyptian law, instead falling under the general provisions of the individual trading or brokerage account agreements.

Market integrity is built on two key elements: adequate disclosure and a fraud-free market. To uphold market integrity, adequate disclosure is required by the Capital Market Law and its executive regulations from brokerage companies to disclose conflicts of interest and maintain strict client confidentiality. As for fraud, the Capital Market Law prohibits insider trading, which is a type of securities fraud where non-public, material information about a company is used to gain an unfair advantage in trading its securities.

The EGX establishes trading rules and procedures for all participants, including high-frequency and algorithmic trading.

The EGX has created an electronic trading platform for the Primary Dealers System, which facilitates bond trading based on “clean prices”, where accrued interest is factored in automatically. It also calculates key metrics like yield to maturity, current yield, duration and accrued interest. The system connects electronically with primary dealers, custodians and Misr for Central Clearing, Depository and Registry Company (MCDR).

Launched to boost bond market liquidity, the Primary Dealers System aims to lower government borrowing costs and equip the CBE with tools for secondary market intervention via open market operations. Its primary functions are underwriting initial government securities offerings and acting as market makers in the secondary market.

Becoming a market maker in Egypt requires a licence from the FRA and registration in their designated register, as stipulated by the Capital Market Law. To qualify, a company must meet specific criteria set by the FRA, including:

• minimum issued and paid-up capital of EGP10 million;
• more than 50% ownership by FRA-licensed companies operating in the securities sector; and
• dedicated capital for market making activities:
1. EGP10 million for each traded index fund; and
2. 20% of the average daily trading value of the specific security (minimum EGP250,000 for EGX-listed, EGP100,000 for SMEs), adjusted quarterly by the stock exchange.

Market maker activity was incorporated into Egypt's capital market in 2007 via a Ministerial decree, expanding the services offered by capital market companies.       

Unfortunately, no applicable information specific to this jurisdiction is available at present.

Unfortunately, no applicable information specific to this jurisdiction is available at present.

DeFi employs cryptocurrency and blockchain technology for the administration of financial transactions, allowing the lending, borrowing or investing of money directly with other people, without an intermediary (such as banks or brokers).

Currently, there are no specific regulations directly governing DeFi under Egyptian law. However, it is important to consider that DeFi activities may fall under the existing laws and regulations, depending on their nature and the technologies involved. The existing relevant frameworks are as follows.

• The Banking Law regulates the banking and financial system in Egypt. While not directly addressing DeFi, the CBE has issued warnings about the risks of cryptocurrencies, which are often used in DeFi applications.
• Capital Market Law No 95 of 1992 regulates the issuance and trading of securities in Egypt. While not specifically mentioning DeFi, some aspects of DeFi activities may fall within the scope of this law, such as tokenised securities or decentralised exchanges (Article 1 of the preamble).
• The Non-Banking Fintech Law regulates non-banking financial services, which, in some interpretations, could potentially encompass certain DeFi activities, particularly the offering of lending, trading or asset management services (Article 1 of the preamble).
• Data Protection Law No 151 of 2020 – Egypt has regulations addressing cybercrime, data protection and the licences required, which could be relevant for DeFi platforms dealing with sensitive user information (Article 12).
• Anti-Money Laundering Law No 80 of 2002 aims to prevent illegal financial activities, and its regulations might apply to DeFi platforms as the law criminalises money laundering and includes digital currencies under its scope, and thus includes the cryptocurrencies used by DeFi (Article 1, paragraph a).

Financial research platforms are digital software or tools that aggregate and analyse vast amounts of financial data to help users make informed investment decisions. Under the provisions of the Non-Banking Fintech Law, financial research platforms engaging in fintech activities are required to be licensed by the FRA (Articles 3 and 8) and registered in the register of financial consulting companies and entities licensed by the FRA in order to carry out financial evaluation and prepare fair value studies (Article 28 and 28 bis of the Capital Market Law No 95 of 1992).

The Anti-Cybercrime Law grants the NTRA the ability to block digital content, websites and platforms violating anti-cybercrime rules, including misinformation. Non-compliance can lead to significant penalties for service providers, including jail sentences of two years minimum and/or fines ranging between EGP100,000 and EGP300,000 (Article 27 of the Anti-Cybercrime Law No 175 of 2018, and Article 188 of the Egyptian Penal Code No 58 of 1937). The Media Law empowers the Supreme Council for Media Regulation to take similar action against platforms infringing media regulations.

The rules on handling unverified information are outlined in 9.2 Regulation of Unverified Information.

Egyptian law imposes strict regulations on insurance activities. According to Law No 10 of 1981, anyone engaging in insurance or reinsurance, directly or through intermediaries, must be licensed by the FRA, including fintech companies selling or marketing insurance products. The Non-Banking Fintech Law includes fintech in non-banking financial activities, including insurtech. This is in addition to the two recently issued FRA decrees in 2023 – one outlining the technological infrastructure requirements for entities operating in non-banking financial activities, including insurtech (FRA Decree No 139 of 2023 dated 21 June 2023), and the other requiring non-banking financial activities to have a licence certifying that they have processes in place to verify digital identity, digital contracting and digital record-keeping (FRA Decree No 140 of 2023 dated 21 June 2023).

Please see 10.1 Underwriting Process.

Banking Fintech Sector

The Banking Law empowers the CBE to actively drive the adoption of modern technology by licensed entities through various measures, including:

• establishing a regulatory testing environment for regtech solutions; and
• a temporary exemption from some of the licensing requirements stipulated in the Banking Law for start-up companies and other entities that test regtech to provide innovative financial services.

Non-Banking Fintech Sector

The Non-Banking Fintech Law also provides a comprehensive framework for licensing fintech activities in the non-banking financial services sector, including regtech activities.

The Non-Banking Fintech Law mandates the inclusion of specific contractual terms for non-banking fintech providers employing financial technology. These include:

• detailed identification and verification of contract parties, to ensure all parties involved are clearly identified and verified;
• defined financing parameters, to precisely define the amount, duration, instalments and individual instalment value of the offered financing;
• the interest rate structure, to specify the interest rate used to calculate financing costs, clarifying whether it is fixed or variable, and independent of limitations set by other laws; and
• guarantee disclosure, to clearly disclose any guarantees secured by the financier.

While distributed ledger technology and blockchain remain largely unregulated, the Banking Law restricts certain activities in this domain. Issuing or trading cryptocurrencies and electronic money, as well as establishing platforms for their exchange, requires a licence from the CBE as per its regulations.

Please see 12.1 Use of Blockchain in the Financial Services Industry.

Please see 12.1 Use of Blockchain in the Financial Services Industry.

Please see 12.1 Use of Blockchain in the Financial Services Industry.

Please see 12.1 Use of Blockchain in the Financial Services Industry.

Please see 12.1 Use of Blockchain in the Financial Services Industry.

Under the Banking Law, engaging in any activity related to cryptocurrencies, including issuance, trading, promotion, platform operation or any connected activity, is strictly prohibited without prior authorisation from the CBE.

Currently, there are no specific regulations directly governing DeFi under Egyptian law.

While the regulatory landscape for NFTs in Egypt is currently evolving, existing regulations like the Banking Law prohibit the use of virtual assets (including NFTs) for financial purposes without a prior licence from the CBE.               

The CBE has recently implemented regulations governing instant payments network (IPN) services, enabling people to make electronic inter-bank transfers through mobile phone applications utilising application programming interfaces (APIs). Consequently, banks intending to offer IPN services must first obtain a licence from the CBE.

The CBE places primary responsibility on senior bank management to proactively assess and mitigate risks associated with instant payments, particularly data privacy and security concerns. This ensures adequate protection of data and systems associated with transactions executed through the IPN from internal and external threats, achieved through measures such as:

• defining precise roles and responsibilities for overseeing and managing the bank's security policies;
• implementing robust safeguards to prevent unauthorised access to computer systems;
• establishing the necessary electronic controls to restrict access to IPN applications and databases, including data classification, access rights determination and determining who has authorised access;
• reviewing and approving key aspects of the bank's security oversight process, including periodic review of security and system testing procedures;
• choosing encryption technology commensurate with data sensitivity and regulatory requirements, minimising data storage on mobile devices;
• utilising secure communication channels like leased lines or virtual private networks for data exchange between banks and payment service partners; and
• conducting regular security assessments of all systems (applications, networks, security devices, DNS, servers and email servers).

Fintech fraud encompasses illicit practices within the financial technology sector, including online banking, mobile payments and other digital financial services. There are no special provisions regarding the elements of fraud in the financial services and fintech, so fraud in these sectors is subject to the general provisions of the Egyptian Penal Code.

Elements of fraud under the Egyptian law include (Article 336 of the Egyptian Penal Code No 58 of 1937):

• material element – this refers to the use of fraudulent methods, the seizure of the victim's property and a causality between the perpetrator's actions and the victim's loss; and
• moral element – this refers to the criminal intent (ie, the deliberate intent to deceive the victim and misappropriate their property through the knowing and unlawful employment of fraudulent methods).

Several established forms of fraud as defined by Egyptian law are relevant to the fintech industry, such as the following.

• Fraudulent money transfer – this can be caused by fraud or negligence from the payment system operator. In such cases, transferred amounts will have to be recovered (Article 192 of the Banking Law).
• Providing misleading information – this refers to concealing data in the records or other documents submitted to the CBE. This is punishable by imprisonment and/or a fine ranging from EGP500,000 to EGP1 million (Article 230 of the Banking Law).
• Credit reporting or rating services fraud – the intentional manipulation of credit reporting or credit rating services for the purpose of securing credit is punishable by a fine ranging from EGP100,000 to EGP1 million (Article 230 of the Banking Law).
• Providing unlicensed fintech services – running or offering non-banking financial services through a fintech platform without a prior licence from the FRA would expose such unlicensed operators to a minimum imprisonment terms of six months and/or fines ranging from EGP200,000 to EGP1 million (Article 18 of the Fintech Law).
• Data confidentiality breach – disclosing a client's personal information without their prior written consent and/or unauthorised access to accounts or systems are punishable by a fine ranging from EGP100,000 to EGP1 million (Article 5, paragraph 5 and Article 36 of the Data Protection Law).
• Market manipulation – this refers to a type of securities fraud (ie, buying or selling securities with the intent to artificially inflate or depress prices) (Article 21 Bis of the Capital Market Law).
• Cybercrimes targeting bank cards, service and electronic payment methods – these crimes are punishable by an imprisonment term of at least three months and/or a fine ranging between EGP30,000 and EGP50,000 (Article 23 of the Anti-Cybercrime Law No 175 of 2018).