Egypt lacked specific regulations for the booming fintech industry before the banking law No 194 of 2020 (the “Banking Law”) was issued in 2020 and the new fintech law for non-banking financial services No 5 of 2022 (the “Non-Banking Fintech Law”) was issued in 2022 to fill this gap. These laws pave the way for digital banks, e-payments and other e-banking solutions, and the Egyptian government has been actively promoting financial inclusion and digitisation through these frameworks.
Egypt has entered the digital banking era with tools like internet and mobile banking, but the legal framework embodied by the old banking law No 88 of 2003 was not sufficient to navigate the fast-paced developments within the fintech industry. This regulatory gap has forced the banks to rely upon customised agreements with their customers, paving the way for future, more comprehensive fintech regulations.
The Egyptian fintech landscape is booming in 2024, driven by a tech-savvy population, supportive government policies and a growing demand for innovative financial solutions. The key aspects of this include the following.
Egypt's fintech scene is booming, with both new and established players competing for a share of the available resources or opportunities. The following verticals dominate the market, with the noted key players:
Egypt's Non-Banking Fintech Law governs how fintech can be used in the realm of non-banking financial services. This fintech industry includes modern digital tools like mobile applications, AI and blockchain to offer financing, insurance and support through platforms and electronic programs. Businesses that are using these tools in non-banking sectors typically require a permit or licence from the Egyptian Financial Regulatory Authority (FRA).
On the other hand, the Banking Law governs how fintech solutions operate within the realm of the banking services sector. The Banking Law is further complemented by the regulations issued by the Central Bank of Egypt (CBE).
Several other pieces of legislation are also relevant to payments and fintech services in Egypt, including:
The current legal system allows for the imposition of charges, including those that may not be immediately evident to the consumer, both directly and indirectly. The permissible compensation models in Egypt's fintech scene will depend upon the specific vertical and the applicable regulatory framework.
The Egyptian fintech regulatory framework underwent a significant shift with the introduction of the Banking Law in 2020 and the Non-Banking Fintech Law in 2022. Both laws form the primary legislative basis for governing fintech activities in Egypt.
Banking Fintech Services
The CBE established a sandbox in 2019 that primarily targeted innovative ideas (through new players) to pave the way for such players to access the Egyptian fintech market in a smooth manner. Other than that, it seems that the regulations governing fintech banking services are the same for legacy players and new players alike.
Non-Banking Fintech Services
The FRA established a sandbox called CORBEH in 2023, also for innovative ideas (through new players) to enable them to access the Egyptian fintech market and solve fundamental issues within such market.
In addition, the Non-Banking Fintech Law introduced a regulatory framework specifically for start-ups, under which start-ups are allowed to obtain a temporary two-year licence with less stringent conditions than are available for established market players (legacy players). For instance, start-ups were allowed to obtain this temporary licence while being obliged to satisfy a much lower capital requirement (EGP15 million for some activities) than is required for established market players (EGP75 million for some activities).
There are two main sandboxes in Egypt:
Banking Fintech Sector: CBE Sandbox
As part of its role as a catalyst for change and supporter of the fintech industry, the CBE launched its sandbox (the “CBE Sandbox”) in May 2019, which serves as a testing environment for fintech businesses developing new business models facing challenges from stringent authorisation requirements and regulatory uncertainties. The CBE Sandbox functions as a virtual and well-defined space, giving applicants the opportunity to experiment with their innovative fintech solutions. This experimentation occurs within a live, relaxed regulatory environment for a limited duration, on a small scale, and under precisely defined parameters.
The CBE Sandbox is designed to contain challenges and risks to the financial system and ordinary fintech consumers, ensuring a controlled testing environment. The primary goal of the CBE Sandbox is to integrate compliance into the fintech ecosystem at its early stages. By doing so, it enables fintech innovators to concentrate on refining their core offerings while simultaneously safeguarding consumers and other market participants from adverse effects related to regulatory uncertainties stemming from disruptive fintech activities.
Non-Banking Fintech Sector: FRA Sandbox (“CORBEH”)
In March 2023, Egypt introduced its first FRA authorised sandbox, called “CORBEH Sandbox”, to facilitate the testing of fintech applications. This regulatory sandbox, established with the authorisation of the FRA, involves a collaboration with Egypt Securities Exchange. The framework aims to balance innovation promotion and risk management by providing a controlled environment for experimentation. It is governed by the Fintech Law and related FRA decisions. Key features include adaptable licensing and capital flexibility, the involvement of authorised founders' agents, compliance obligations, ongoing monitoring and reporting, and a focus on consumer protection and risk mitigation. The core ongoing obligations within CORBEH stress the establishment of governance structures, ensuring compliance and maintaining transparency.
There are two main regulators for the fintech industry in Egypt:
Other regulators might also be involved in the fintech industry, most notably the National Telecommunications Regulatory Authority (NTRA) when it comes to regulating digital wallets. The council to be established by virtue of the Data Protection Law No 151/2020 is expected to deal with players in the fintech industry (both banking and non-banking). Lastly, the Information Technology Industry Development Authority (ITIDA) is the entity responsible for digital signatures regulatory overview in Egypt.
Obligations differ according to the fintech sector in question, as follows.
Banking Fintech Sector
Under Egyptian regulations, banks cannot obtain services from providers that are not registered with the CBE. Doing so exposes them to full responsibility for any potential complications caused by these unregistered collaborators. In this regard, the Banking Law mandates registration with the CBE for any third-party providing services (known as “Delegated Services”) on behalf of licensed financial institutions.
Non-Banking Fintech Sector
The FRA regulates online trading activities in Egypt, and has issued specific regulations outlining the requirements for brokerage companies offering online trading platforms.
The Non-Banking Fintech Law has also set out certain conditions for the outsourcing of certain fintech provider functions. In this regard, fintech firms are obliged to conclude due diligence on potential vendors (to whom the functions are outsourced), assessing their financial stability, compliance history and security practices. Stringent data protection regulations are also applicable when it comes to the outsourcing of some fintech provider functions. Depending on the function outsourced, the fintech providers may be required to report the outsourcing arrangement to the relevant regulator and notify the customers concerned.
As a general rule, regulated entities (whether start-ups or large players) are responsible for ensuring that the services they provide are not used for illicit purposes. This is why all regulated actors are subject to Egyptian anti-money laundering (AML) legislation, and are expected to obtain sufficient information on their clients to be able to prevent them from using their platform for illicit activities.
A prominent example of fintech providers in Egypt acting as “gatekeepers” is the Payment Service Providers (PSPs), who are designated as “gatekeepers” with specific obligations to prevent and report suspicious transactions, conduct know your customer (KYC) and AML checks, and implement data security measures.
Generally, the concept of “gatekeeper” responsibility for fintech providers in Egypt is still evolving. In this respect, the level of responsibility for other fintech activities varies depending on the type of service and the applicable regulations.
Unfortunately, due to the emerging nature of the fintech ecosystem in Egypt and the limited public accessibility of enforcement actions, it is challenging to compile a comprehensive list of significant enforcement actions across either the banking fintech sector or the non-banking fintech sector.
Privacy, cybersecurity, social media content and software development can significantly impact all industry participants in Egypt.
Privacy and Data Protection
Service providers must safeguard all stored and archived data, especially personal information, adhering to strict confidentiality guidelines. The disclosure of personal data is only permitted with the issuance of a court order.
Furthermore, a new data protection law was issued in 2020 (Law No 151 of 2020), although the executive regulations of such law have not yet been issued so the law is considered to be only partially effective. In all events, this law does not apply to entities regulated by the CBE, as such entities are subject directly to the regulations and the supervision of the CBE itself.
However, this law should apply to non-banking fintech providers that are regulated by the FRA. In this regard, it must be noted that the Non-Banking Fintech Law imposes similar conditions to those imposed under the data protection law. For instance, non-banking fintech providers are not allowed to disclose any of their clients’ personal data without obtaining the prior written consent of such clients.
Cybersecurity
Under the Anti-Cybercrime Law, the providers of information technology and telecommunications services in Egypt, including those processing or storing data, are obliged to retain and store user data for a minimum of 180 consecutive days. This data encompasses user identification, service system content, communication traffic, terminal details and any other information deemed necessary by the NTRA.
Concerning the banking fintech sector, the Banking Law states that any bank must be audited by two auditors that are chosen from the list created for this purpose by the CBE. A single auditor cannot audit more than two banks simultaneously, and the auditor may not be a shareholder in the bank they are auditing. Moreover, the bank must inform the CBE within 30 days of appointing its auditors. Lastly, the CBE governor can appoint a third auditor for specific tasks at their discretion, with the costs to be covered by the CBE.
There are no similar obligations for fintech providers within the non-banking fintech sector just yet.
There are instances of industry participants offering unregulated fintech products and fintech services in Egypt. This practice, while not explicitly prohibited, raises complex questions and is coming under increasing scrutiny by the regulatory bodies concerned (both the CBE and the FRA).
The Egyptian Anti-Money Laundering Law significantly impacts both regulated and unregulated fintech providers, shaping their operations and influencing their growth within both the banking fintech sector and the non-banking fintech sector. In this regard, Egypt's AML Law and its executive regulations require specific obligations from multiple designated entities, including entities operating under the umbrellas of both the CBE (banks, branches of foreign banks and money transfer entities) and the FRA (financial leasing companies and factoring companies). These entities also face additional compliance responsibilities under the relevant sectoral laws. Failure to comply with such rules exposes them to various penalties, ranging from financial fines to imprisonment.
There are no class assets under the Non-Banking Fintech Law and hence no different business models are mandated on this front.
There are no implemented robo-advisers’ solutions within the Egyptian fintech industry yet. This line of business requires prior licensing under the Non-Banking Fintech Law, with the relevant licence/permit to be obtained in advance from the FRA.
While the Non-Banking Fintech Law in Egypt offers a framework for regulating different fintech activities, it is still too early to delve into specific practical issues like best execution for customer trades within the broader fintech sector. The law itself has not fully matured, and the regulatory interpretations around specific aspects like best execution would take time to develop.
Online loans can be disbursed through the banking fintech sector or the non-banking fintech sector.
Banking Fintech Sector
The CBE’s updated regulations on mobile payments now pave the way for instant digital lending via mobile phones. This allows banks to bypass the traditional branch visits and disburse loans electronically through approved mobile payment services.
The CBE sets the following limits for mobile loans:
Non-Banking Fintech Sector
The Non-Banking Fintech Law in Egypt expands its reach to consumer financing activities conducted through online platforms. Any entity offering such services requires a licence/permit from the FRA. The same also applies to offering micro-finance activities, SME financing activities or nano-finance activities through online platforms; all of these activities require prior licensing by the FRA.
The CBE sets regulations for digital lending to protect both borrowers and lenders. These regulations require borrowers to understand and agree to the terms of their mobile loans, provide valid identification, and have their creditworthiness and existing digital loans assessed before the loan is approved. This helps to ensure responsible lending practices and informed financial decisions in the digital era.
Egypt's financial landscape is evolving with the use of alternative data for credit assessments. This allows banks to consider factors like bill payment behaviour when evaluating loan eligibility, potentially broadening access to credit for individuals without traditional credit scores. However, regulations require banks to implement robust risk management practices and testing procedures to ensure responsible lending and to mitigate potential risks associated with this innovative approach.
The legal framework concerning loan sources in Egypt varies depending on the lender itself. In this regard, the Banking Law applies to any legalities concerning the source of funds for any entities operating within the field of banking fintech services, which sector is governed by the CBE.
The Non-Banking Fintech Law applies to non-banking fintech providers, and the FRA would be the relevant authority.
Egypt's financial sector relies heavily on loan syndication, where multiple banks co-operate to provide financing for large-scale projects or borrowers with significant loan requirements. This practice helps to distribute risks, mobilise resources and facilitate economic growth. In this regard, the syndication of loans is primarily regulated under the provisions of the Banking Law.
The CBE plays a crucial role in regulating payment systems and services and the offering of payment services like online payments or money transfers. It sets out the rules and requirements with which technology companies must comply.
Although the official Executive Regulation has not yet been released, the CBE actively supervises all payment system operators and payment service providers in Egypt. The CBE has the authority to impose specific standards, controls or rules on any player if needed, particularly regarding how their systems work together, how their services are delivered and how their payment orders are handled. This also includes rules on interoperability between the different payment systems.
General Rule: Payment Must be in EGP
The CBE regulations require most transactions between Egyptian individuals and businesses to be conducted within the country's borders and exclusively in the national currency. However, a few exceptions allow for foreign currency transactions under specific circumstances.
Furthermore, Egyptian regulations restrict individuals and entities from directly exchanging foreign currencies or clearing between customer accounts of other currencies. Any such activity typically requires prior authorisation from the CBE to ensure compliance with the financial regulations concerned.
Exception: Rules for Mobile Payment Systems for Individuals
The CBE mandates specific requirements for receiving foreign currency transfers via mobile payment systems, whilst adhering to specific rules, as follows:
In Egypt, generally only institutions with a licence from the FRA can manage investment funds. However, an exception exists for registered banks. If they are approved by the CBE, banks can also offer investment fund activities.
The FRA in Egypt mandates comprehensive disclosure requirements for investment funds to protect the investors concerned. These requirements are outlined in the “Guide on the Protection of Customers in NBFS in Capital Market Activity”, which tries to ensure transparency and informed decision-making. In this regard, investors and potential clients have the right to access the following:
The Egyptian Stock Exchange (EGX) leverages a diverse set of trading platforms, including the X-Stream Trading System, which serves as the primary platform for both the main market and the SME market. Sub-systems include the following:
Please see 7.1 Permissible Trading Platforms.
The Banking Law requires a licence to be obtained from the CBE in order to participate in any activities related to cryptocurrencies and/or electronic money, including issuance, trading and platform operation activities.
The EGX's listing and delisting rules regulate every aspect of the process for both domestic and foreign companies seeking to list their securities on the exchange. These rules encompass eligibility criteria, application procedures and ongoing reporting obligations.
For instance, the FRA has recently reduced the minimum required number of shares to be eligible for listing on the EGX; the new FRA regulations now stipulate that companies shall offer no less than 1% of the total free-float market cap. The FRA has also introduced an additional amendment whereby it allows companies to register their securities without initially meeting the minimum requirements for the percentage of the shares offered, the number of shareholders and the percentage of free-floating shares. However, such companies must complete the offering and commence trading within six months of registration, compared to the previous one-month timeframe.
The Egyptian Capital Market Law and its executive regulations establish the general principles for order handling on the EGX. These principles include best execution, price priority and time priority.
Peer-to-Peer (P2P) trading platforms refer to the direct buying and selling of cryptocurrencies among users without intermediaries – eg, Binance, Huobi, OKX, Paybis. Egypt's regulatory framework for P2P trading is still evolving, but any entity that is willing to engage in any activity related to cryptocurrencies or electronic money must first obtain a licence from the CBE. In this respect, it must be noted that the CBE maintains a strong stance against cryptocurrencies, particularly Bitcoin, issuing multiple warnings highlighting the substantial risks involved in cryptocurrency trading. Furthermore, engaging in such activities without a licence carries a risk of imprisonment for up to ten years and/or a fine of EGP1 million to EGP10 million.
To adhere to the Egyptian stock market, investors can trade listed or unlisted securities (OTC) first by having a trading account with one of the brokerage firms licensed by both the FRA and the membership department at the EGX.
All customer orders must be promptly registered by brokerage firms, capturing details like the content of the order, the name of its source, capacity, the time and manner of its arrival to the company, and the price that the customer wishes to deal with.
Furthermore, brokerage firms are obliged to execute sale and purchase orders in full compliance with the stock exchange management. To safeguard trading integrity, brokers are responsible for verifying sufficient customer balances before selling and disbursing funds to buyers prior to trade execution.
The FRA monitors the market to ensure that trading involves sound securities, preventing both fraud and exploitation on the exchange. The EGX establishes a dedicated committee that is responsible for:
Brokerage firms shall submit customer orders to the stock exchange within the specified timeframe or, in the absence of such specification, during the first session following receipt thereof. Orders are executed according to the date and time of their receipt at the brokerage company, and the execution of orders given to the company’s representative during trading is in accordance with the priority in which they received those orders. The brokerage firm shall, subsequent to the successful completion of a transaction, duly notify both the stock exchange and the client of its implementation within the next business day following the transaction.
Furthermore, a brokerage firm that executes a transaction in contravention of the client's instructions, involving a security not legally permitted for trading or a security subject to seizure, shall be obliged to deliver another document within one week from the date of such transaction. Otherwise, the client shall be entitled to compensation, without prejudice to their right to seek legal recourse against the responsible party.
Payment for order flow is not expressly regulated under Egyptian law, instead falling under the general provisions of the individual trading or brokerage account agreements.
Market integrity is built on two key elements: adequate disclosure and a fraud-free market. To uphold market integrity, adequate disclosure is required by the Capital Market Law and its executive regulations from brokerage companies to disclose conflicts of interest and maintain strict client confidentiality. As for fraud, the Capital Market Law prohibits insider trading, which is a type of securities fraud where non-public, material information about a company is used to gain an unfair advantage in trading its securities.
The EGX establishes trading rules and procedures for all participants, including high-frequency and algorithmic trading.
The EGX has created an electronic trading platform for the Primary Dealers System, which facilitates bond trading based on “clean prices”, where accrued interest is factored in automatically. It also calculates key metrics like yield to maturity, current yield, duration and accrued interest. The system connects electronically with primary dealers, custodians and Misr for Central Clearing, Depository and Registry Company (MCDR).
Launched to boost bond market liquidity, the Primary Dealers System aims to lower government borrowing costs and equip the CBE with tools for secondary market intervention via open market operations. Its primary functions are underwriting initial government securities offerings and acting as market makers in the secondary market.
Becoming a market maker in Egypt requires a licence from the FRA and registration in their designated register, as stipulated by the Capital Market Law. To qualify, a company must meet specific criteria set by the FRA, including:
Market maker activity was incorporated into Egypt's capital market in 2007 via a Ministerial decree, expanding the services offered by capital market companies.
Unfortunately, no applicable information specific to this jurisdiction is available at present.
Unfortunately, no applicable information specific to this jurisdiction is available at present.
DeFi employs cryptocurrency and blockchain technology for the administration of financial transactions, allowing the lending, borrowing or investing of money directly with other people, without an intermediary (such as banks or brokers).
Currently, there are no specific regulations directly governing DeFi under Egyptian law. However, it is important to consider that DeFi activities may fall under the existing laws and regulations, depending on their nature and the technologies involved. The existing relevant frameworks are as follows.
Financial research platforms are digital software or tools that aggregate and analyse vast amounts of financial data to help users make informed investment decisions. Under the provisions of the Non-Banking Fintech Law, financial research platforms engaging in fintech activities are required to be licensed by the FRA (Articles 3 and 8) and registered in the register of financial consulting companies and entities licensed by the FRA in order to carry out financial evaluation and prepare fair value studies (Article 28 and 28 bis of the Capital Market Law No 95 of 1992).
The Anti-Cybercrime Law grants the NTRA the ability to block digital content, websites and platforms violating anti-cybercrime rules, including misinformation. Non-compliance can lead to significant penalties for service providers, including jail sentences of two years minimum and/or fines ranging between EGP100,000 and EGP300,000 (Article 27 of the Anti-Cybercrime Law No 175 of 2018, and Article 188 of the Egyptian Penal Code No 58 of 1937). The Media Law empowers the Supreme Council for Media Regulation to take similar action against platforms infringing media regulations.
The rules on handling unverified information are outlined in 9.2 Regulation of Unverified Information.
Egyptian law imposes strict regulations on insurance activities. According to Law No 10 of 1981, anyone engaging in insurance or reinsurance, directly or through intermediaries, must be licensed by the FRA, including fintech companies selling or marketing insurance products. The Non-Banking Fintech Law includes fintech in non-banking financial activities, including insurtech. This is in addition to the two recently issued FRA decrees in 2023 – one outlining the technological infrastructure requirements for entities operating in non-banking financial activities, including insurtech (FRA Decree No 139 of 2023 dated 21 June 2023), and the other requiring non-banking financial activities to have a licence certifying that they have processes in place to verify digital identity, digital contracting and digital record-keeping (FRA Decree No 140 of 2023 dated 21 June 2023).
Please see 10.1 Underwriting Process.
Banking Fintech Sector
The Banking Law empowers the CBE to actively drive the adoption of modern technology by licensed entities through various measures, including:
Non-Banking Fintech Sector
The Non-Banking Fintech Law also provides a comprehensive framework for licensing fintech activities in the non-banking financial services sector, including regtech activities.
The Non-Banking Fintech Law mandates the inclusion of specific contractual terms for non-banking fintech providers employing financial technology. These include:
While distributed ledger technology and blockchain remain largely unregulated, the Banking Law restricts certain activities in this domain. Issuing or trading cryptocurrencies and electronic money, as well as establishing platforms for their exchange, requires a licence from the CBE as per its regulations.
Please see 12.1 Use of Blockchain in the Financial Services Industry.
Please see 12.1 Use of Blockchain in the Financial Services Industry.
Please see 12.1 Use of Blockchain in the Financial Services Industry.
Please see 12.1 Use of Blockchain in the Financial Services Industry.
Please see 12.1 Use of Blockchain in the Financial Services Industry.
Under the Banking Law, engaging in any activity related to cryptocurrencies, including issuance, trading, promotion, platform operation or any connected activity, is strictly prohibited without prior authorisation from the CBE.
Currently, there are no specific regulations directly governing DeFi under Egyptian law.
While the regulatory landscape for NFTs in Egypt is currently evolving, existing regulations like the Banking Law prohibit the use of virtual assets (including NFTs) for financial purposes without a prior licence from the CBE.
The CBE has recently implemented regulations governing instant payments network (IPN) services, enabling people to make electronic inter-bank transfers through mobile phone applications utilising application programming interfaces (APIs). Consequently, banks intending to offer IPN services must first obtain a licence from the CBE.
The CBE places primary responsibility on senior bank management to proactively assess and mitigate risks associated with instant payments, particularly data privacy and security concerns. This ensures adequate protection of data and systems associated with transactions executed through the IPN from internal and external threats, achieved through measures such as:
Fintech fraud encompasses illicit practices within the financial technology sector, including online banking, mobile payments and other digital financial services. There are no special provisions regarding the elements of fraud in the financial services and fintech, so fraud in these sectors is subject to the general provisions of the Egyptian Penal Code.
Elements of fraud under the Egyptian law include (Article 336 of the Egyptian Penal Code No 58 of 1937):
Several established forms of fraud as defined by Egyptian law are relevant to the fintech industry, such as the following.
Cairo Business Plaza, Unit (204)
Fifth Settlement, New Cairo
Cairo, Egypt
+2 010 2225 6100
info@shehatalaw.com www.shehatalaw.com