Highlights

The Law regulating and developing the use of financial technology (“FinTech”) in non-banking financial activities (the “Law”) has finally seen the light by its adoption and publication on 08 February 2022.

The Law is a significant step in a long chain of modernization of the legislative infrastructure regulating the financial technology sector. This legislations chain, starting with the Anti-Cyber and Information Technology Crimes Law in 2018, Cashless payment methods Law in 2019, Personal Data Protection Law in 2020, and finally the New CBE Law in 202, aims to accomplish the Digitization Strategy in Egypt Vision 2030.

It is worth mentioning that the Law is considered the first to expressively say and approbate the use of Artificial Intelligence (“AI”) in Egyptian legislation.

The Law mentioned the concerned entities as “companies and entities engaged or wishing to engage in Non-Banking Financial activities by using FinTech.”

This alert aims to highlight key provisions and important stipulations of the Law and establish a complete guide to help analyze and apply its procedures and objectives.

Concerned Entities and Compliance Period

1. Concerned entities:
   The Law applies to companies and entities in Egypt already engaging, or wishing to engage in non-banking financial activities, defined as “non-banking financial markets and tools under the regulatory authority of the Financial Regulatory Authority (“FRA”)”, noting that companies abroad but providing such activities to residents in Egypt are also addressed by the Law provisions.
   These activities include:
   • capital markets;
   • insurance activities;
   • real-estate finance;
   • medium, small, and micro enterprises (“MSME”) finance;
   • financial lease; and
   • consumer finance.

   The FinTech used in such activities is also defined as a “mechanism using modern and innovative technology in the non-banking financial sector in order to support and develop the above-mentioned activities and services via digital applications, programs, platforms, e-register or AI”.

   Furthermore, the Law stipulates that FRA is considered the only competent administrative authority to supervise the application of its provisions. In pursuing such an objective, it can take all necessary procedures to support and develop modern and innovative FinTech in all non-banking financial activities.

2. Judiciary competency:The Economic Courts are expressively competent to hear disputes relevant to applying the Law provisions or its relevant implementing executive decisions.
3. Compliance period:Several important dates stipulated by the Law are as follows:Firstly, as no executive regulations are to be issued in the future, FRA shall issue relevant implementing executive decisions within six months starting February 2022 (date of the Law issuance).Secondly, entities and companies shall comply with the Law provisions for six months following the issuance of the above-mentioned FRA executive decisions.Thirdly, the FRA Board of Directors (“BOD”) has the right to extend the mentioned compliance period for similar periods not exceeding in total two years.

   Finally, the Prime Minister can also extend this period for another two years as maximum extension periods.

Key Provisions

1. Important definitions
   • The Law introduces some significant and modern terminology and definitions as an essential step in framing and defining the FinTech The Law defines “FinTech”, “digital contract”, “digital identity”, “digital platform”, “cyber-security”, “digital register”, “InsurTech”, “ConsumerTech”, and “financial inclusion”.
   • Also, the Law distinguishes “regulatory fintech (RegTech) and supervisory fintech (SupTech)”. While the first term is defined as “the FRA use of technology applications to regulate and monitor compliance of entities with the Law provisions and its executive decisions”, the second is mainly “a mechanism targeting the collection, verification and analysis of digital data through adapted technology applications.”
   • Thoroughly, the Law defines for the first time the “digital identity” as the technically analyzed data related to a specific natural or legal person, which are directly or indirectly defined through linking such data with other data such as name, voice, picture, identified numbers and identity in case these data allow the authentication of transaction operated through a digital platform.
   • “Digital contract” (“DC”) was defined as the contract electronically created to include parties’ rights and obligations and which can be registered in a digital register. This DC can also be a “smart contract” that utilizes applications (lines of code) to create a self/auto-execution contract, with auto control or authentication of its provisions.
   • Finally, “applications for Financial Advisory Program” were defined as a robo-advisory innovative system used by licensed entities operating non-banking financial activities to analyze clients’ data, financial situations, future objectives and plans to provide them with technical advice through the utilization of AI platforms.
     
     
2. The list of FRA objectives and competencies:The Law enlisted FRA objectives and mission in the application of its provision as follows:
   • empowering the financial inclusion; and
   • extending and enlarging users of non-banking financial activities while reducing costs.

   FRA shall, in the aim of pursuing such purposes, undertake the following:

   • issue licenses and put forward procedures for the establishment of companies in the application of the Law;
   • use applications (RegTech/SupTech) to ensure the respect of Law provisions, performing its regulatory role on concerned entities regarding transparency and governance criteria, besides the protection of dealers in non-banking financial markets;
   • use of applications, AI mechanism and other digital portals to ensure data collection, authentication and analysis as well as detecting law violations, money-laundry suspicions, early detection of liquidity risks and any other financial stability risks;
   • create a testing and regulatory environment for fintech applications;
   • provide data and devices security regulations; and
   • raise awareness of fintech use in non-banking financial activities and maintain a competitive environment for users.

Important Stipulations

1. Participation and license obtaining procedures for non-banking financial activities using fintech:It is worth mentioning that a series of procedures have been set out for several types of companies, as follows:
   
   
   • Licensing guidelines to establish a new company wishing to engage in non-banking financial activities using fintech: (Article 3)
     An application shall be presented to FRA on available templates in such a case. Afterwards, the FRA shall examine the application and decide on it within 30 days. The FRA will also cater for the licensing of international service providers wishing to provide fintech services regulated under the Law to Egyptian companies or, more generally, to residents of Egypt.
   • Additional requirements to obtain licenses: (Article 4)
     The licensed company shall solely engage in the licensed FinTech activity and shall not carry out any other activities. Moreover, the licensed company shall identify the direct and indirect shareholding structure and connected parties. Finally, the licensed company shall have in place the required technical equipment and infrastructure and data system and security means as determined by the FRA. In addition, the license fees amount should not exceed EGP 50 000. Moreover, the FRA BOD is to issue further decisions dictating requirements regarding the applying companies’ BOD composition, the ownership structure and regulating conflict of interest cases.
   • Licensing procedures regarding existing companies:
     Companies and entities already licensed to engage in non-banking financial activities may also apply for a license to provide non-banking financial activities using FinTech. In such case, the applying company shall:
     • have in place the required technical equipment and infrastructure and data system and security means as determined by the FRA; and
     • pay the reduced license fee (an amount not exceeding EGP 25 000).
2. The FinTech applications:On the other hand, the Law stipulated that licensed companies and entities can use applications for robo-advisory, nano finance, InsurTech, ConsumerTech. Additionally, the Law mentioned that the FRA BOD could accredit future applications if they meet the criteria and requirements of data protection, security, and authentication of both digital identity and contracts engaged in such activities.
3. The start-ups licensing procedures:The Law granted a particular procedure for start-ups in the FinTech space where the FRA shall allow such start-ups a temporary license not exceeding two years to support their mission in providing such non-banking financial activities and products for users. Future FRA decisions shall determine conditions and requirements of such license and supervisory and regulatory rules and the minimum issued capital for these start-ups. Accordingly, start-ups can also receive fees exemption.The FRA will also create a testing environment for these FinTech applications aiming to allow potentially interested parties to test these innovative fintech apps on real clients as a preparation for providing those apps to them, commonly known as “sandboxing”.

Complaints, Sanctions And Penalities

1. Complaints:The FRA is competent to receive complaints from users and dealers with companies and entities engaged in FinTech activities in case of Law provisions or decisions’ violation, noting that the complaint shall receive a reply within a month from its filling.Further decisions shall regulate complaints procedures, examine and notification of the final decision.A special provision is stipulated regarding the respect of Data Protection Law no.151/2020 by actors, licensed entities, their managers, and counsels regarding the confidentiality of clients’ information. In addition, the law introduced the revolutionary concept of electronic approval to share data supplementing the tools available under the Data Protection Law no.151/2020.
2. • notify the company to stop the contravention immediately;
   • invite the concerned company’s BOD to convene in the presence of the FRA representative;
   • dissolve the company’s BOD and assign a delegate for a period of six months extendable one-time;
   • suspend the company’s FinTech activity for six months; and
   • license cancellation.List of FRA sanctions and prerogatives: An escalation of prerogatives is accorded to the FRA in case of Law provisions or decisions’ violation, license’s condition missed, or if licensed companies act against market stability or shareholders’ rights. In such case, the FRA can undertake the following sanctions:
3. Committees of appeals:The FRA BOD’s decided to provide the committees of appeals’ composition, competencies, remunerations, and procedures of appeal filing and examination against administrative decisions issued by the FRA in applying the Law provisions. An appeal against a decision must be filed within 60 days following its issuance or notification, and a final decision must be taken within 30 days.
4. Penalties:
   • The Law stipulated several penalties between imprisonment and fines (EGP 20 000 – EGP 2 million) in case of engaging in FinTech activities without obtaining licenses or authorizations, contraventions to confidentiality and data protection obligations, or hiding data and documents during an investigation.
   • Additional sanctions are provided for the effective manager of the legal entity in case of Law provisions’ violation. Possible prevention from continuing the activity for five years is also provided.
   • Finally, the Law permitted the reconciliation if fines are paid even during the case hearing or after the issuance of judicial decision.