Fintech was not regulated in Egypt till the issuance of the Banking Law No 194 of 2020 (the “Banking Law”) in 2020. The Banking Law addresses the regulation of several fintech sectors, which include digital banks, cryptocurrency and e-payments. The current government of Egypt has continued to promote financial inclusion and the digitisation of the financial sector within Egypt. In July 2020, the Financial Regulatory Authority (FRA) proposed a draft fintech law to regulate the use of fintech to deliver non-banking financial services (NBFS) in Egypt. This draft was reviewed by the Egyptian House of Representatives and a number of changes were made to the said draft; the changed draft was approved and issued under Law No 5 of 2022 to be the first ever Fintech Law in Egypt (the “New Fintech Law”). This New Fintech Law was published in the Official Gazette on 8 February 2022. The aims of the New Fintech Law are to facilitate the integration of technology into financial services and to introduce a regulatory framework for fintech businesses to support non-bank financial services (NBFS). It covers services such as robo-advisory, microfinance, insurtech, artificial intelligence, mobile applications and digital platforms.

Fintech has become increasingly popular and dominant within the Egyptian market; the most popular business models that predominate Egyptian jurisdiction are payment platforms and financing services. According to several reports, digital payment will be the market’s dominant segment by 2025. For example, the rise of Fawry is the largest e-payment service in Egypt. 

Fintech involves the application of multiple laws and regulations in addition to the Banking Law and New Fintech Law, namely:

• the Non-cash Payment Methods Law No 18 of 2019; the E-signature Law No 15 of 2004 and its Executive Regulation;
• the Non-Financial Markets and Instruments Law No 10 of 2009;
• the Microfinance Law No 141 of 2014;
• the Trade Code No 17 of 1999;
• the Consumer Finance Law No 18 of 2020;
• the Anti-Cybercrime Law No 175 of 2018;
• the Investment Law No 72 of 2017 and its Executive Regulation;
• the Consumer Protection Law No 181 of 2018 and its Executive Regulation;
• the Small and Microenterprises Law No 141 of 2004 and its Executive Regulation;
• the Telecoms Law No 10 of 2003;
• the Media Law No 180 of 2018;
• the Capital Market Law No 95 of 1992 and its Executive Regulation (the “Capital Market Law”);
• the Movable Securities Law No 115 of 2015 and its Executive Regulation;
• the Anti-Money Laundering Law No 80 of 2002 and its Executive Regulation (the "AML Law");
• the Public Entities Contracts Law No 182 of 2018 and its Executive Regulation; 
• Presidential Decree No 89 of 2017, founding the National Payments Council; and
• the Data Protection Law No 151 of 2020 (the “Data Protection Law”).

Both direct and indirect charges are allowed under the current legal regime.

The regulation of fintech industry participants is now mainly governed by the New Fintech Law and the Banking Law. According to the New Fintech Law, the FRA shall issue special regulations for fintech providers within the NBFS within six months as of 9 February 2022. This being said, the regulation of fintech industry participants within the NBFS is different from the regulation of legacy players. However, within the banking sector, the regulations that govern both fintech industry participants and legacy players are  almost the same.

In May 2019, the Central Bank of Egypt (CBE) launched a regulatory sandbox for the purpose of providing fintech players with a virtual space within which, subject to a specific framework, applicants can experiment with their solutions for a limited period of time on a small scale and under a well-defined parameter. Applicants wishing to join the regulatory sandbox should fill in the regulatory sandbox online application form accessed via the CBE’s official website. Applicants who apply will be qualified to enter the regulatory sandbox if the innovative product, service or solution is within the scope of fintech services and has the scope to improve accessibility and efficiency in providing financial services.

The jurisdiction of the different regulators is as follows.

• The CBE is empowered by Law No 88 of 2003 on the Central Bank of Egypt and the Banking Sector to, among other things, regulate bank accounts and banking transactions.
• The Information Technology Industry Development Agency is empowered by the E-signature Law No 15 of 2004 to, among other things, promote and develop the information technology and communications industry, support small and medium-sized enterprises in using e-transactions and regulate e-signature services activities.
• The FRA is empowered by the Non-Financial Markets and Instruments Law No 10 of 2009 to, among other things, license the carrying out of non-banking financial activities and the protection of stakeholders within the non-banking financial market. It is also empowered by the New Fintech Law to issue licences to NBFS who use fintech.
• The National Payments Council is empowered by Presidential Decree No 89 of 2017 to, among other things, reduce the use of cash outside the banking sector, support and encourage the use of electronic methods and channels instead of cash, and protect the consumers from fraud in payment systems and services.
• The National Telecommunications Regulatory Authority (NTRA) is generally empowered by Telecoms Law No 10 of 2003 to regulate and enhance telecommunication services.

There are specific legal requirements and regulatory guidance for the outsourcing of specific services. For example, online trading is subject to specific regulations requiring brokerage companies to satisfy certain conditions and requirements to provide any trading solutions online. These conditions and requirements include specific technical requirements and conditions on the information technology infrastructure of the brokerage companies.

Another example, according to a Circular issued by the CBE in 2014, is that no bank registered with the CBE may provide internet banking solutions, including online lending, unless prior authorisation is obtained from the CBE. This prior authorisation requires all banks registered with the CBE to meet specific legal requirements, including the provision of a penetration test report to the CBE. Furthermore, according to the Banking Law the board of directors determines the important services that are provided to banks such as outsourcing and technical services, and it has the right to set the conditions and procedures for registering their providers with the CBE, provided that they include, in particular, determining the minimum that must be met with regard to governance requirements, risk management, service performance standards and controls for maintaining confidentiality. 

Banks are prohibited from seeking assistance from providers of such services who are not registered with the CBE, and the bank shall be fully responsible for these actions.

According to the Banking Law, delegated services are defined as the services delegated by licensed entities to third parties in order to perform certain functions and services on their behalf. Accordingly, these delegated service providers must register with the CBE. 

There is no applicable information in this jurisdiction.

There is no applicable information in this jurisdiction.

According to the Anti-Cybercrime Law all providers of information technology and telecommunications services, including the processing or storing of data, must retain and store users’ data for at least 180 continuous days, including identification, the content of the services’ system, communication traffic, terminals and any other data required by NTRA.

The service providers must also keep all stored and archived data (including personal data) confidential and not disclose the data unless there is court order to do so. 

The Data Protection Law was recently introduced, which applies to any personal data that is processed electronically, whether partially or entirely. Furthermore, according to the New Fintech Law, NBFS which use fintech shall not disclose any of their clients' personal data without their prior written consent.

According to the Banking Law, banks shall be audited by two auditors selected by the bank from among those registered in the register prepared for this purpose in accordance with the rules set by CBE. According to the Banking Law:

• a single auditor may not review the accounts of more than two banks at the same time;
• the auditor may not be a shareholder in the bank that reviews its accounts or provides services to it;
• the bank shall notify the CBE of the appointment of the auditors within 30 days from the date of their appointment; and
• the CBE governor may, for the reasons they deem fit, entrust a third auditor to carry out a specific task and the CBE shall bear their fees.

There is no applicable information in this jurisdiction.

Money laundering is mainly governed by the AML Law and its Executive Regulation. The AML Law names 15 entities that must comply with its provisions and its executive regulation, including all banks, branches of foreign banks in Egypt and money transfer entities. Those entities are also subject to several obligations under other laws governing their specific activities. Violating these obligations will result in the imposition of different penalties including fines or imprisonment, or both.

There are no different asset classes under the New Fintech Law. However, the FRA may adopt different asset classes within the regulations that will be issued in application of the New Fintech Law.

The implementation of solutions introduced by robo-advisers is subject to the issuance of regulations by the FRA in application of the New Fintech Law.

As the New Fintech Law was very recently introduced in February 2022, it is too early to discuss practical issues related to best execution of customer trades within the fintech sector.

The CBE’s third version of the Mobile Payments Regulations details the rules and terms for digital lending through mobile phones. Accordingly, without having to visit the bank branch, mobile loans may be provided by banks in an instant electronic manner via the mobile payment service. 

According to the rules set by the CBE, the said mobile loans have approximate maximum limits of:

• EGP5,000 for individuals;
• EGP15,000 for category (A) companies, which includes companies and micro-establishments that have documents or headquarters or their activities can be verified by any other means, who have a mobile account with the bank or its service providers in accordance with due diligence procedures for mobile payment customers issued by the Anti-Money Laundering and Terrorist Financing Unit in March 2020 and its amendments; and
• EGP10,000 for category (B) companies, which include companies and micro-establishments or individuals with other professions not under Category A companies, for example, plumbers, maintenance workers, electricians, etc, which are listed under “economic activity” in accordance with the explanatory memorandum to be issued by the CBE and have a mobile account with the bank or its service providers in accordance with due diligence procedures for mobile payment customers issued by the Anti-Money Laundering and Terrorist Financing Unit in March 2020 and its amendments.

However, these limits may be amended by the CBE’s governor. 

It should be noted that the third edition of the Mobile Payments Regulations is considered to be the first step in regulating lending through other technology channels.

According to the CBE, any request to obtain digital lending services through mobile phones is conditional upon obtaining the customer’s approval of the terms and conditions for the use of means of proof of identity. Furthermore, the bank must enquire about the customer from authorised credit rating and intelligence companies, especially the total amounts of the customer's existing digital facilities granted through the mobile payment service using mobile phones. Furthermore, the bank may use alternative data for credit assessments through digital assessment models such as Behaviour Scoring Models, especially in the case of clients who do not have any credit history, provided that a strategy is developed to deal with risks and expected losses in addition to the expected non-performing loans ratio, and testing procedures and criteria should be set to process the results of these procedures.

The legal and regulatory issues associated with sources of funds for loans depend on the applicable law. For example, if the loans are provided by banks, then the Banking Law applies to the source of funds of the loans. However, if the loans are provided within the NBFS, then the New Fintech Law shall apply to the source of funds for such loans.

In general, the syndication of loans is very common within the lending scene in Egypt.

According to the Executive Regulation of the Banking Law, the CBE determines the conditions and procedures for granting licences to operate payment systems or provide payment services, in particular the technology used and the quality standards for providing the service. The said Executive Regulation has not yet been issued. However, the CBE adopts, on a regular basis, rules for the control and supervision of each of the payment system operators and payment service providers, and it has the right to impose specific standards, controls or rules on any payment system operator or payment service provider if circumstances so require, in particular, rules for interoperability between payment systems, rules for providing payment services, and rules and conditions of payment orders.

According to the CBE regulations, transactions between Egyptian persons, whether natural or legal persons, can only be made inside the Arab Republic of Egypt and in the local currency (Egyptian pounds), except for a few cases where those transactions can be made in foreign currencies. It is not allowed, in general, to exchange other currencies, or perform currency exchanges or clearing between customer accounts of other currencies without referring to the CBE. Furthermore, in accordance with the mobile payment regulations issued by the CBE, system users are allowed to receive transfers from abroad in foreign currencies in accordance with the following rules: 

• the service is limited to customers who are natural persons;
• special care is taken to monitor incoming transfers to customers regularly and to ensure there is no suspicion of money laundering or financing terrorism or any crime;
• the bank determines the maximum transfer amount from abroad in accordance with the assessment of risks and the established rules in this regard; 
• the bank takes the appropriate measures to ensure that the transfer belongs to the same user of the system and that the value has been added in Egyptian pounds to their mobile phone account;
• the values ​​of incoming transfers from abroad should not be added to the mobile phone account before examining these transfers; and
• it is verified that the two transfer parties are not included in the local and international sanctions lists, and any other lists that the bank deems necessary to refer to.

As a general rule, investment fund activities can only be carried out if a licence is obtained from the FRA. However, banks that registered with the CBE may carry out the activity, provided that an approval is obtained from the CBE.

According to the FRA’s guide on the protection of customers in the NBFS in capital market activity, investment administrators and funds or any form of collective investment shall disclose to current and prospective clients the following matters:

• recurring trade policies with the clarification of the risks of these policies to the client; 
• any additional advantage that any of the related companies or financial institutions may obtain; 
• the performance of the investment portfolio that belongs to investment funds with the utmost transparency during the different intervals and in a manner that reflects the credibility of the actual performance of the fund; 
• a guide explaining all the relevant terms and conditions for each fund that the investors or clients deal with or enter into, and that explanation should be in a clear and easy to understand manner, in addition to the disclosure any other necessary documents; 
• a statement of all the main facts including investment policy, strategic plans, risk management, buying and selling prices for returns, rights of redemption and withdrawal, costs and expenses, conflict of interest, customer complaints files, and a fair and honest description of the fund’s performance; 
• any conflicts of interest; and 
• any other disclosures according to the prospectus.

According to the Egyptian stock exchange (EGX), there are a variety of trading platforms that are used within the Egyptian jurisdiction. First is the X-Stream Trading System, which is the main trading platform in the main market and SMEs, and there are also the sub-systems which include the following. 

• Registering the investors (Coding System) – a system used to distinguish each of the investors dealing in the market with a code that they use for trading.
• Omnibus Accounts System – a system where orders of a group of investors are executed in the name of a compound account and are reallocated after the trading session at the average executed prices.
• Block Trades System – a system designed to execute transactions of large size to neutralise their impact on the security’s price in the market.
• Surveillance System – one of the mechanisms used by the EGX to verify that the executed transactions are in accordance with the laws, regulations and procedures stipulated to protect investors.
• Operations System (OPR) – this system requires certain conditions and criteria to be executed.
• Disclosure System – a system used to announce the important news and data related to the traded securities.
• OTC Trading System – a system where unlisted companies are traded.

Before investors can trade listed or unlisted securities (OTC), each investor must have a trading account with one of the licensed brokerage firms by the FRA and the EGX membership department.

Other than EXG, please note that Egypt has another stock exchange for SMEs called the Nile Stock Exchange (NILEX). 

Please refer to 7.1 Permissible Trading Platforms. 

The Banking Law prohibits the issuance or trade of cryptocurrencies or electronic money or the creation or operation of platforms for their trading without obtaining a licence from the CBE in accordance with its rules and procedures.

The listing and delisting rules of securities on EGX regulate everything related to Egyptian and foreign companies and entities who want to list their securities. The rules explain the conditions and procedures for the listing of such securities. For example, the FRA recently reduced the minimum required number of shares to be able to be listed on EGX. The new regulations now stipulate that companies shall offer no less than 1% of the total free-float market cap.

Please refer to 7.1 Permissible Trading Platforms. 

There is no applicable information in this jurisdiction.

According to the Capital Market Law and its Executive Regulation, investors can trade listed or unlisted securities (OTC), firstly by having a trading account with one of the licensed brokerage firms by the FRA and the membership department at EGX. Furthermore, the brokerage firm must register their customer orders as soon as they are received. This registration includes the content of the order, the name of its source, capacity, the time and manner of its arrival to the company, and the price that the customer wishes to deal with.

Moreover, all brokerage firms shall execute the sale and purchase orders in full compliance with the stock exchange management. 

Brokers must ensure that customers’ have sufficient balance for a selling order; they must also ensure the necessary funds are issued to the buyer before the execution of the trade.

The FRA monitors the market and ensures that trading is carried out on sound securities and that the conduct of operations on the stock exchange is not tainted by fraud or exploitation. The stock exchange management also forms a committee (i) to monitor the daily trading operations, (ii) to ensure the implementation of laws and regulations, and (iii) to resolve disputes which may arise out of these operations.

Furthermore, brokerage firms must present their customers’ orders within a period and on the conditions specified on their orders, if the customer does not specify a deadline for the execution of the order, the brokerage firm must present it in the first session following its receipt. Orders are executed according to the date and time of their receipt to the brokerage company, and the execution of orders given to the company’s representative during trading is in accordance with the priority to which they received those orders. The brokerage firm must also complete the procedures for contracting the transaction and notify the stock exchange and the client of its implementation within the next working day of the transaction.

Moreover, a brokerage firm that has executed a transaction contrary to the client’s orders or on a security that is not legally allowed to be traded or that is seized is obligated to deliver another document within a week from the date of the other, otherwise they shall compensate the customer, without prejudice to its right to recourse against the party at fault. 

There are no special provisions governing payment for order flow. However, this payment should be governed by the relevant trading/brokerage account agreement.

The Capital Market Law and its Executive Regulation set out obligations on brokerage companies to maintain market integrity, which includes disclosure of any conflict of interest and non-disclosure of clients' information. Insider trading by brokerage companies is also prohibited. 

According to the EGX, an electronic trading system was developed by EGX to operate the Primary Dealers System through which the trading is conducted according to the clean price. In addition, the yield to maturity, the current yield, the duration and the accrued interest are automatically calculated.

The Primary Dealers System is linked electronically to the primary dealers, custodians and Misr for Central Clearing, Depository and Registry Company (MCDR).

The Primary Dealers System was mainly introduced to activate and enhance the liquidity of the bond market, as well as to reduce the cost of borrowing for the government and providing the CBE with financial tools that enable it to intervene in the secondary market through open market operations.

The main function of the Primary Dealers System is to underwrite the initial offerings of the government securities in the primary market, and to act as market makers in the secondary market. 

Market Maker activity is governed in accordance with the Capital Market Law. According to the Capital Market Law, it is prohibited to carry out any market maker activities without a prior licence from the FRA in addition to having registered in the FRA special register. 

According to an FRA decree, in order to obtain a market maker activity licence from the FRA the following conditions must be satisfied: 

• the minimum issued and paid-up capital of the company shall not be less than EGP10 million in cash;
• more than (50%) of the company's shares shall be in companies licensed by the FRA to work in activities related to the field of securities; and
• the allocation of a cash amount of not less than EGP10 million for each fund for traded indices, and the allocation of a cash amount of no less than (20%) of the average daily trading values ​​of the security for which the market is made – in all cases, the stock exchange shall revise this percentage every quarter on the basis that it must not be less than EGP250,000 for the security listed on the EGX and EGP100,000 for the security listed for SMEs.

Furthermore, market maker activity was introduced to the Egyptian capital market according to a decree issued by the Minister of Investment in 2007 by adding market maker activity to capital market companies' activities.

There is no applicable information in this jurisdiction.

There is no applicable information in this jurisdiction.

In accordance with the New Fintech Law, any NBFS using fintech are subject to licensing from the FRA.

The Anti-Cybercrime Law regulates the spreading of false information, by giving the NTRA the ability to block digital content, websites and platforms which violate any anti-cybercrime rules, including the spreading of false information. Furthermore, in the case of non-compliance, the law imposes jail sentences of up to five years and fines ranging between EGP10,000 and EGP20 million to service providers. Also, the Media Law gives the Supreme Council Media Regulation the right to block any platform violating such laws.

Please refer to 9.2 Regulation of Unverified Information. 

According to the Insurance Law No 10 of 1981, no one is allowed in person or through an intermediary to carry out any activity related to insurance or reinsurance in Egypt without obtaining a licence from the FRA. Fintech companies that sell or market insurance products fall within this restriction and are regulated in Egypt. The New Fintech Law covers fintech in NBFS, including insurtech.

Please refer to 10.1 Underwriting Processes. 

The Banking Law gives the CBE the right to take all necessary measures to promote the development of the use of modern technology in any of the areas relating to the provision of financial, banking or supervisory services to the licensed entities, in particular:

• establishing a regulatory testing environment for the applications of regtech; and 
• a temporarily exemption from some of the licensing requirements stipulated in the Banking Law for start-up companies and other entities that test regtech to provide innovative financial services.

This is in accordance with the rules and procedures set by the CBE. 

Furthermore, the New Fintech Law regulates the licensing of fintech in NBFS which includes regtech.

According to the New Fintech Law, NBFS which use fintech shall consider the following contractual terms:

• detailed provisions and evidence for the parties to the contract;
• determining the amount of financing granted, the time period for repayment, the number and terms of instalments and the value of each;
• the interest rate taken as a basis for calculating the value of the financing, and indicating whether it is fixed or variable, without being bound by the limits stipulated in other legislation; and
• data of guarantees obtained by the financier.

There are no specific regulations or rules applied to distributed ledger technology or blockchain. However, the Banking Law prohibits the issuance or trade of cryptocurrencies or electronic money or the creation or operation of platforms for their trading without obtaining a licence from the CBE in accordance with its rules and procedures. 

Please refer to 12.1 Use of Blockchain in the Financial Services Industry. 

Please refer to 12.1 Use of Blockchain in the Financial Services Industry.

Please refer to 12.1 Use of Blockchain in the Financial Services Industry. 

Please refer to 12.1 Use of Blockchain in the Financial Services Industry. 

Please refer to 12.1 Use of Blockchain in the Financial Services Industry. 

The Banking Law prohibits the issuance of cryptocurrencies, trading in them, promoting them, establishing or operating platforms for their trading or implementing activities related to them without obtaining a prior licence from the CBE.

DeFi is not yet defined within the current regulations.

There are currently no specific regulations which govern NFTs, this is due to their complexity and because they are always evolving, and therefore it would be difficult to target all issues arising out of them. However, according to the Banking Law. it is prohibited to use virtual assets without a prior licence from the CBE. 

The CBE recently introduced a set of regulations regarding open banking which govern the instant payments network’s (IPN) services in Egypt. These new regulations allow people to make electronic payments between bank accounts using their mobile phones via application programming interfaces (APIs). Accordingly, a licence must be obtained from the CBE by banks wishing to provide such services.

According to the CBE, senior management must ensure that the risks associated with instant payments (including data privacy and data security concerns) are analysed upon provision by the bank and reduced using appropriate tools. This includes overseeing the continuous development and maintenance of the security control infrastructure that provides adequate protection of data and systems of transactions executed through the IPN from any internal or external threats by, inter alia: 

• defining clear responsibilities for supervising the development and management of the bank’s security policies;
• providing the necessary protection to prevent unauthorised persons from entering computer systems; 
• providing the necessary electronic controls that would prevent any unauthorised insider or third parties from accessing the applications and databases of IPN services and laying the foundations for determining the right of access to the data, which requires the bank to classify the data and determine who has authorised accessibility; 
• reviewing and approving key aspects of the bank’s security oversight process, including periodic review of security procedures and system testing processes;
• choosing the encryption technology that is commensurate with the sensitivity and importance of the information as well as the degree of protection required and limiting the storage of data on mobile phones; 
• carrying out the exchange of information, data, etc, between the banks and payment service partners through leased lines or virtual private networks; and
• periodically assessing the security status of all systems – applications, networks, security devices, DNS servers and email servers.